Permalink
Browse files

Resources: Not a valid resource if buffer length too long

The declared buffer length must be the same as the length of the
byte initializer list, otherwise not a valid resource descriptor.
  • Loading branch information...
acpibob committed Oct 4, 2016
1 parent a002071 commit 9f76de2d249b18804e35fb55d14b1c2604d627a1
Showing with 16 additions and 5 deletions.
  1. +16 −5 source/components/utilities/utresrc.c
@@ -533,16 +533,19 @@ AcpiUtWalkAmlResources (
UINT8 *EndAml;
UINT8 ResourceIndex;
UINT32 Length;
ACPI_SIZE ThisAmlLength = 0;
UINT32 Offset = 0;
UINT8 EndTag[2] = {0x79, 0x00};
ACPI_FUNCTION_TRACE (UtWalkAmlResources);
/* The absolute minimum resource template is one EndTag descriptor */
if (AmlLength < sizeof (AML_RESOURCE_END_TAG))
/*
* The absolute minimum resource template is one EndTag descriptor.
* However, we will treat a lone EndTag as just a simple buffer.
*/
if (AmlLength <= sizeof (AML_RESOURCE_END_TAG))
{
return_ACPI_STATUS (AE_AML_NO_RESOURCE_END_TAG);
}
@@ -575,8 +578,8 @@ AcpiUtWalkAmlResources (
if (UserFunction)
{
Status = UserFunction (
Aml, Length, Offset, ResourceIndex, Context);
Status = UserFunction (Aml, Length, Offset,
ResourceIndex, Context);
if (ACPI_FAILURE (Status))
{
return_ACPI_STATUS (Status);
@@ -603,11 +606,19 @@ AcpiUtWalkAmlResources (
*Context = Aml;
}
/* Check if buffer is defined to be longer than the resource length */
if (AmlLength > ThisAmlLength)
{
return_ACPI_STATUS (AE_AML_NO_RESOURCE_END_TAG);
}
/* Normal exit */
return_ACPI_STATUS (AE_OK);
}
ThisAmlLength += Length;
Aml += Length;
Offset += Length;
}

0 comments on commit 9f76de2

Please sign in to comment.