Patchwork acpica: Fix segfault when disassembling AML (LP: #1050475)

login
register
mail settings
Submitter Colin King
Date Sept. 13, 2012, 4:04 p.m.
Message ID <1347552262-3494-1-git-send-email-colin.king@canonical.com>
Download mbox | patch
Permalink /patch/183670/
State Accepted
Headers show

Comments

Colin King - Sept. 13, 2012, 4:04 p.m.
From: Colin Ian King <colin.king@canonical.com>

Running fwts against a collection of test tables I found a segfault
in source/components/disassembler/dmopcode.c:334, due to Tag being
null. This patch is a fix from Robert Moore at Intel which will land
in the September release of ACPICA/iASL.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 src/acpica/source/common/dmrestag.c                  |    5 +++++
 src/acpica/source/components/disassembler/dmopcode.c |    4 ++++
 2 files changed, 9 insertions(+)
Keng-Yu Lin - Sept. 14, 2012, 2:34 a.m.
On Fri, Sep 14, 2012 at 12:04 AM, Colin King <colin.king@canonical.com> wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Running fwts against a collection of test tables I found a segfault
> in source/components/disassembler/dmopcode.c:334, due to Tag being
> null. This patch is a fix from Robert Moore at Intel which will land
> in the September release of ACPICA/iASL.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  src/acpica/source/common/dmrestag.c                  |    5 +++++
>  src/acpica/source/components/disassembler/dmopcode.c |    4 ++++
>  2 files changed, 9 insertions(+)
>
> diff --git a/src/acpica/source/common/dmrestag.c b/src/acpica/source/common/dmrestag.c
> index 9afaad3..3097f15 100644
> --- a/src/acpica/source/common/dmrestag.c
> +++ b/src/acpica/source/common/dmrestag.c
> @@ -541,6 +541,11 @@ AcpiDmCheckResourceReference (
>      /* Get the Index term, must be an integer constant to convert */
>
>      IndexOp = BufferNameOp->Common.Next;
> +
> +    /* Major cheat: The Node field is also used for the Tag ptr. Clear it now */
> +
> +    IndexOp->Common.Node = NULL;
> +
>      OpInfo = AcpiPsGetOpcodeInfo (IndexOp->Common.AmlOpcode);
>      if (OpInfo->ObjectType != ACPI_TYPE_INTEGER)
>      {
> diff --git a/src/acpica/source/components/disassembler/dmopcode.c b/src/acpica/source/components/disassembler/dmopcode.c
> index 252b1b8..c6fa387 100644
> --- a/src/acpica/source/components/disassembler/dmopcode.c
> +++ b/src/acpica/source/components/disassembler/dmopcode.c
> @@ -326,6 +326,10 @@ AcpiDmFieldPredefinedDescription (
>      /* Major cheat: We previously put the Tag ptr in the Node field */
>
>      Tag = ACPI_CAST_PTR (char, IndexOp->Common.Node);
> +    if (!Tag)
> +    {
> +        return;
> +    }
>
>      /* Match the name in the info table */
>
> --
> 1.7.10.4
>

Acked-by: Keng-Yu Lin <kengyu@canonical.com>
Alex Hung - Sept. 14, 2012, 3:48 a.m.
On 09/14/2012 12:04 AM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Running fwts against a collection of test tables I found a segfault
> in source/components/disassembler/dmopcode.c:334, due to Tag being
> null. This patch is a fix from Robert Moore at Intel which will land
> in the September release of ACPICA/iASL.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>   src/acpica/source/common/dmrestag.c                  |    5 +++++
>   src/acpica/source/components/disassembler/dmopcode.c |    4 ++++
>   2 files changed, 9 insertions(+)
>
> diff --git a/src/acpica/source/common/dmrestag.c b/src/acpica/source/common/dmrestag.c
> index 9afaad3..3097f15 100644
> --- a/src/acpica/source/common/dmrestag.c
> +++ b/src/acpica/source/common/dmrestag.c
> @@ -541,6 +541,11 @@ AcpiDmCheckResourceReference (
>       /* Get the Index term, must be an integer constant to convert */
>
>       IndexOp = BufferNameOp->Common.Next;
> +
> +    /* Major cheat: The Node field is also used for the Tag ptr. Clear it now */
> +
> +    IndexOp->Common.Node = NULL;
> +
>       OpInfo = AcpiPsGetOpcodeInfo (IndexOp->Common.AmlOpcode);
>       if (OpInfo->ObjectType != ACPI_TYPE_INTEGER)
>       {
> diff --git a/src/acpica/source/components/disassembler/dmopcode.c b/src/acpica/source/components/disassembler/dmopcode.c
> index 252b1b8..c6fa387 100644
> --- a/src/acpica/source/components/disassembler/dmopcode.c
> +++ b/src/acpica/source/components/disassembler/dmopcode.c
> @@ -326,6 +326,10 @@ AcpiDmFieldPredefinedDescription (
>       /* Major cheat: We previously put the Tag ptr in the Node field */
>
>       Tag = ACPI_CAST_PTR (char, IndexOp->Common.Node);
> +    if (!Tag)
> +    {
> +        return;
> +    }
>
>       /* Match the name in the info table */
>
>
Acked-by: Alex Hung <alex.hung@canonical.com>

Patch

diff --git a/src/acpica/source/common/dmrestag.c b/src/acpica/source/common/dmrestag.c
index 9afaad3..3097f15 100644
--- a/src/acpica/source/common/dmrestag.c
+++ b/src/acpica/source/common/dmrestag.c
@@ -541,6 +541,11 @@  AcpiDmCheckResourceReference (
     /* Get the Index term, must be an integer constant to convert */
 
     IndexOp = BufferNameOp->Common.Next;
+
+    /* Major cheat: The Node field is also used for the Tag ptr. Clear it now */
+
+    IndexOp->Common.Node = NULL;
+
     OpInfo = AcpiPsGetOpcodeInfo (IndexOp->Common.AmlOpcode);
     if (OpInfo->ObjectType != ACPI_TYPE_INTEGER)
     {
diff --git a/src/acpica/source/components/disassembler/dmopcode.c b/src/acpica/source/components/disassembler/dmopcode.c
index 252b1b8..c6fa387 100644
--- a/src/acpica/source/components/disassembler/dmopcode.c
+++ b/src/acpica/source/components/disassembler/dmopcode.c
@@ -326,6 +326,10 @@  AcpiDmFieldPredefinedDescription (
     /* Major cheat: We previously put the Tag ptr in the Node field */
 
     Tag = ACPI_CAST_PTR (char, IndexOp->Common.Node);
+    if (!Tag)
+    {
+        return;
+    }
 
     /* Match the name in the info table */