ACK: [PATCH] acpi: acpitables: make length and skip signed to handle -ve underflow (LP: #1435272)
Alex Hung
alex.hung at canonical.com
Wed Mar 25 03:12:29 UTC 2015
On 03/23/2015 07:22 PM, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> Make sizes signed so that large skips that are too long make length
> underflow rather than wrap around causing a null pointer dereference
> and hence a SEGFAULT.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
> src/acpi/acpitables/acpitables.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/acpi/acpitables/acpitables.c b/src/acpi/acpitables/acpitables.c
> index fb5639a..ab75aca 100644
> --- a/src/acpi/acpitables/acpitables.c
> +++ b/src/acpi/acpitables/acpitables.c
> @@ -312,7 +312,7 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl
> fwts_acpi_table_madt *madt = (fwts_acpi_table_madt*)table->data;
> fwts_list msi_frame_ids;
> const uint8_t *data = table->data;
> - size_t length = table->length;
> + ssize_t length = table->length;
> int i = 0;
>
> fwts_list_init(&msi_frame_ids);
> @@ -326,9 +326,9 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl
> data += sizeof(fwts_acpi_table_madt);
> length -= sizeof(fwts_acpi_table_madt);
>
> - while (length > sizeof(fwts_acpi_madt_sub_table_header)) {
> + while (length > (ssize_t)sizeof(fwts_acpi_madt_sub_table_header)) {
> fwts_acpi_madt_sub_table_header *hdr = (fwts_acpi_madt_sub_table_header*)data;
> - size_t skip = 0;
> + ssize_t skip = 0;
> i++;
>
> data += sizeof(fwts_acpi_madt_sub_table_header);
>
Acked-by: Alex Hung <alex.hung at canonical.com>
More information about the fwts-devel
mailing list