aboutsummaryrefslogtreecommitdiffstats
path: root/mm/vmscan.c
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2011-05-04 08:00:47 +0200
committerThomas Gleixner <tglx@linutronix.de>2011-05-04 08:18:17 +0200
commitce788f930b0cdf821de7ee8f84cfe8cf7fcb6311 (patch)
tree4f4d451b4e81d6693199fcfb405f6133e6cae61c /mm/vmscan.c
parent99ee5315dac6211e972fa3f23bcc9a0343ff58c4 (diff)
downloadkernel_samsung_crespo-ce788f930b0cdf821de7ee8f84cfe8cf7fcb6311.zip
kernel_samsung_crespo-ce788f930b0cdf821de7ee8f84cfe8cf7fcb6311.tar.gz
kernel_samsung_crespo-ce788f930b0cdf821de7ee8f84cfe8cf7fcb6311.tar.bz2
alarmtimer: Check return value of class_find_device()
alarmtimer_late_init() uses class_find_device() to find a alarm capable rtc device. The match callback stores a pointer to the name in the char pointer handed in from the call site. alarmtimer_late_init() checks the char pointer for NULL, but the pointer is on the stack and not initialized to NULL before the call. So it can have random content when the match function did not identify a device, which leads to random access in the following rtc_open() call where the pointer is dereferenced Instead of relying on the char pointer, check the return value of class_find_device. If a device is found then the name pointer is valid as well. Reported-by: Ingo Molnar <mingo@elte.hu> Cc: John Stultz <john.stultz@linaro.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'mm/vmscan.c')
0 files changed, 0 insertions, 0 deletions