[PATCH] acpi: acpitables: make length and skip signed to handle -ve underflow (LP: #1435272)
Colin King
colin.king at canonical.com
Mon Mar 23 11:22:40 UTC 2015
From: Colin Ian King <colin.king at canonical.com>
Make sizes signed so that large skips that are too long make length
underflow rather than wrap around causing a null pointer dereference
and hence a SEGFAULT.
Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
src/acpi/acpitables/acpitables.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/acpi/acpitables/acpitables.c b/src/acpi/acpitables/acpitables.c
index fb5639a..ab75aca 100644
--- a/src/acpi/acpitables/acpitables.c
+++ b/src/acpi/acpitables/acpitables.c
@@ -312,7 +312,7 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl
fwts_acpi_table_madt *madt = (fwts_acpi_table_madt*)table->data;
fwts_list msi_frame_ids;
const uint8_t *data = table->data;
- size_t length = table->length;
+ ssize_t length = table->length;
int i = 0;
fwts_list_init(&msi_frame_ids);
@@ -326,9 +326,9 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl
data += sizeof(fwts_acpi_table_madt);
length -= sizeof(fwts_acpi_table_madt);
- while (length > sizeof(fwts_acpi_madt_sub_table_header)) {
+ while (length > (ssize_t)sizeof(fwts_acpi_madt_sub_table_header)) {
fwts_acpi_madt_sub_table_header *hdr = (fwts_acpi_madt_sub_table_header*)data;
- size_t skip = 0;
+ ssize_t skip = 0;
i++;
data += sizeof(fwts_acpi_madt_sub_table_header);
--
2.1.4
More information about the fwts-devel
mailing list