ACPI: fix broken usage of name.ascii

This issue was fixed indirectly in mainline by commit
0175d562a29ad052c510782c7e76bc63d5155b9b.

acpi_namespace_node's name.ascii field is four chars, and not NULL-
terminated except by pure luck.  So, it cannot be used by sscanf() without
a length restriction.

This is the minimal fix for both stable 2.6.27 and 2.6.28.

Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: Lin Ming <ming.m.lin@intel.com>
Cc: Len Brown <lenb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
index 30f3ef236ecb1b354548c5bb2570866eaa8ec6be..4aa9477d982298f70de207cf8dcdd9170fca9b75 100644 (file)
--- a/drivers/acpi/ec.c
+++ b/drivers/acpi/ec.c
@@ -759,9 +759,10 @@ acpi_ec_register_query_methods(acpi_handle handle, u32 level,
        struct acpi_namespace_node *node = handle;
        struct acpi_ec *ec = context;
        int value = 0;
-       if (sscanf(node->name.ascii, "_Q%x", &value) == 1) {
+
+       if (sscanf(node->name.ascii, "_Q%2x", &value) == 1)
                acpi_ec_add_query_handler(ec, value, handle, NULL, NULL);
-       }
+
        return AE_OK;
 }