[PATCH] acpi: pmtt: fix infinite loops when length is incorrectly zero
Colin Ian King
colin.king at canonical.com
Thu Jan 14 00:47:03 UTC 2021
On 14/01/2021 00:41, Alex Hung wrote:
> Signed-off-by: Alex Hung <alex.hung at canonical.com>
> ---
> src/acpi/pmtt/pmtt.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/src/acpi/pmtt/pmtt.c b/src/acpi/pmtt/pmtt.c
> index 99fd510d..def44a51 100644
> --- a/src/acpi/pmtt/pmtt.c
> +++ b/src/acpi/pmtt/pmtt.c
> @@ -104,6 +104,14 @@ static void pmtt_controller_test(fwts_framework *fw, fwts_acpi_table_pmtt_contro
> offset += sizeof(fwts_acpi_table_pmtt_domain) * entry->domain_count;
> header = (fwts_acpi_table_pmtt_header *) (((char *) entry) + offset);
> while (offset < entry->header.length) {
> +
^ can the empty line above be removed
> + if (header->length == 0) {
> + fwts_failed(fw, LOG_LEVEL_CRITICAL,
> + "PMTTBadSubtableLength",
> + "PMTT Controller has a subtable with zero length");
> + break;
> + }
> +
> if (header->type == FWTS_ACPI_PMTT_TYPE_DIMM) {
> pmtt_physical_component_test(fw, (fwts_acpi_table_pmtt_physical_component *) header, passed);
> } else {
> @@ -132,7 +140,16 @@ static void pmtt_socket_test(fwts_framework *fw, fwts_acpi_table_pmtt_socket *en
>
> offset = sizeof(fwts_acpi_table_pmtt_socket);
> header = (fwts_acpi_table_pmtt_header *) (((char *) entry) + offset);
> +
> while (offset < entry->header.length) {
> +
^ and remove this one too.
> + if (header->length == 0) {
> + fwts_failed(fw, LOG_LEVEL_CRITICAL,
> + "PMTTBadSubtableLength",
> + "PMTT Socket has a subtable with zero length");
> + break;
> + }
> +
> if (header->type == FWTS_ACPI_PMTT_TYPE_CONTROLLER) {
> pmtt_controller_test(fw, (fwts_acpi_table_pmtt_controller *) header, passed);
> } else {
>
Thanks
More information about the fwts-devel
mailing list