| Message ID | 1427109760-8654-1-git-send-email-colin.king@canonical.com |
|---|---|
| State | Accepted |
| Headers | show |
On 03/23/2015 07:22 PM, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > Make sizes signed so that large skips that are too long make length > underflow rather than wrap around causing a null pointer dereference > and hence a SEGFAULT. > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > src/acpi/acpitables/acpitables.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/acpi/acpitables/acpitables.c b/src/acpi/acpitables/acpitables.c > index fb5639a..ab75aca 100644 > --- a/src/acpi/acpitables/acpitables.c > +++ b/src/acpi/acpitables/acpitables.c > @@ -312,7 +312,7 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl > fwts_acpi_table_madt *madt = (fwts_acpi_table_madt*)table->data; > fwts_list msi_frame_ids; > const uint8_t *data = table->data; > - size_t length = table->length; > + ssize_t length = table->length; > int i = 0; > > fwts_list_init(&msi_frame_ids); > @@ -326,9 +326,9 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl > data += sizeof(fwts_acpi_table_madt); > length -= sizeof(fwts_acpi_table_madt); > > - while (length > sizeof(fwts_acpi_madt_sub_table_header)) { > + while (length > (ssize_t)sizeof(fwts_acpi_madt_sub_table_header)) { > fwts_acpi_madt_sub_table_header *hdr = (fwts_acpi_madt_sub_table_header*)data; > - size_t skip = 0; > + ssize_t skip = 0; > i++; > > data += sizeof(fwts_acpi_madt_sub_table_header); > Acked-by: Alex Hung <alex.hung@canonical.com>
On 2015年03月23日 19:22, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > Make sizes signed so that large skips that are too long make length > underflow rather than wrap around causing a null pointer dereference > and hence a SEGFAULT. > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > src/acpi/acpitables/acpitables.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/acpi/acpitables/acpitables.c b/src/acpi/acpitables/acpitables.c > index fb5639a..ab75aca 100644 > --- a/src/acpi/acpitables/acpitables.c > +++ b/src/acpi/acpitables/acpitables.c > @@ -312,7 +312,7 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl > fwts_acpi_table_madt *madt = (fwts_acpi_table_madt*)table->data; > fwts_list msi_frame_ids; > const uint8_t *data = table->data; > - size_t length = table->length; > + ssize_t length = table->length; > int i = 0; > > fwts_list_init(&msi_frame_ids); > @@ -326,9 +326,9 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl > data += sizeof(fwts_acpi_table_madt); > length -= sizeof(fwts_acpi_table_madt); > > - while (length > sizeof(fwts_acpi_madt_sub_table_header)) { > + while (length > (ssize_t)sizeof(fwts_acpi_madt_sub_table_header)) { > fwts_acpi_madt_sub_table_header *hdr = (fwts_acpi_madt_sub_table_header*)data; > - size_t skip = 0; > + ssize_t skip = 0; > i++; > > data += sizeof(fwts_acpi_madt_sub_table_header); Acked-by: Ivan Hu <ivan.hu@canonical.com>
diff --git a/src/acpi/acpitables/acpitables.c b/src/acpi/acpitables/acpitables.c index fb5639a..ab75aca 100644 --- a/src/acpi/acpitables/acpitables.c +++ b/src/acpi/acpitables/acpitables.c @@ -312,7 +312,7 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl fwts_acpi_table_madt *madt = (fwts_acpi_table_madt*)table->data; fwts_list msi_frame_ids; const uint8_t *data = table->data; - size_t length = table->length; + ssize_t length = table->length; int i = 0; fwts_list_init(&msi_frame_ids); @@ -326,9 +326,9 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl data += sizeof(fwts_acpi_table_madt); length -= sizeof(fwts_acpi_table_madt); - while (length > sizeof(fwts_acpi_madt_sub_table_header)) { + while (length > (ssize_t)sizeof(fwts_acpi_madt_sub_table_header)) { fwts_acpi_madt_sub_table_header *hdr = (fwts_acpi_madt_sub_table_header*)data; - size_t skip = 0; + ssize_t skip = 0; i++; data += sizeof(fwts_acpi_madt_sub_table_header);