ACK: [PATCH] acpi: csrt: fix resource descriptor can go over boundary

Wed Mar 2 10:24:23 UTC 2016

On 02/03/16 10:13, Alex Hung wrote:
> When calculating the rd_offset, SharedInfoLength is not added.
> As a result, rd_offset is smaller than it should have been.
> 
> Signed-off-by: Alex Hung <alex.hung at canonical.com>
> ---
>  src/acpi/csrt/csrt.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/src/acpi/csrt/csrt.c b/src/acpi/csrt/csrt.c
> index d1ef853..2a29826 100644
> --- a/src/acpi/csrt/csrt.c
> +++ b/src/acpi/csrt/csrt.c
> @@ -122,7 +122,8 @@ static int csrt_test1(fwts_framework *fw)
>  
>  		/* Do we have enough space for a resource descriptor? */
>  		if (rg_length > sizeof(fwts_acpi_table_csrt_resource_descriptor)) {
> -			size_t rd_offset = sizeof(fwts_acpi_table_csrt_resource_group);
> +			size_t rd_offset = sizeof(fwts_acpi_table_csrt_resource_group) +
> +					   rg->shared_info_length;
>  			int rd_count = 0;
>  			fwts_acpi_table_csrt_resource_descriptor *rd =
>  				(fwts_acpi_table_csrt_resource_descriptor *)
> 
Good catch

Acjed-by: Colin Ian King <colin.king at canonical.com>