
Commit 9f76de2

committed
Resources: Not a valid resource if buffer length too long
The declared buffer length must be the same as the length of the byte initializer list; otherwise the buffer is not a valid resource descriptor.
1 parent a002071 commit 9f76de2


1 file changed

+16
-5
lines changed


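--- a/source/components/utilities/utresrc.c
+++ b/source/components/utilities/utresrc.c
@@ -533,16 +533,19 @@ AcpiUtWalkAmlResources (
 UINT8 *EndAml;
 UINT8 ResourceIndex;
 UINT32 Length;
+ACPI_SIZE ThisAmlLength = 0;
 UINT32 Offset = 0;
 UINT8 EndTag[2] = {0x79, 0x00};
 
 
 ACPI_FUNCTION_TRACE (UtWalkAmlResources);
 
 
-/* The absolute minimum resource template is one EndTag descriptor */
-
-if (AmlLength < sizeof (AML_RESOURCE_END_TAG))
+/*
+* The absolute minimum resource template is one EndTag descriptor.
+* However, we will treat a lone EndTag as just a simple buffer.
+*/
+if (AmlLength <= sizeof (AML_RESOURCE_END_TAG))
 {
 return_ACPI_STATUS (AE_AML_NO_RESOURCE_END_TAG);
 }
@@ -575,8 +578,8 @@ AcpiUtWalkAmlResources (
 
 if (UserFunction)
 {
-Status = UserFunction (
-Aml, Length, Offset, ResourceIndex, Context);
+Status = UserFunction (Aml, Length, Offset,
+ResourceIndex, Context);
 if (ACPI_FAILURE (Status))
 {
 return_ACPI_STATUS (Status);
@@ -603,11 +606,19 @@ AcpiUtWalkAmlResources (
 *Context = Aml;
 }
 
+/* Check if buffer is defined to be longer than the resource length */
+
+if (AmlLength > ThisAmlLength)
+{
+return_ACPI_STATUS (AE_AML_NO_RESOURCE_END_TAG);
+}
+
 /* Normal exit */
 
 return_ACPI_STATUS (AE_OK);
 }
 
+ThisAmlLength += Length;
 Aml += Length;
 Offset += Length;
 }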
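Review bot: The new check at the EndTag exit, `if (AmlLength > ThisAmlLength)`, compares the declared length with a running total that does not yet include the EndTag descriptor itself, because `ThisAmlLength += Length;` only runs after the EndTag branch has returned. As far as the visible lines show, ThisAmlLength is therefore always smaller than AmlLength when an EndTag is found inside the buffer, so well-formed templates would be rejected with AE_AML_NO_RESOURCE_END_TAG along with over-long ones; the loop header is outside the hunk, so please confirm. Counting the EndTag in the comparison, `if (AmlLength > (ThisAmlLength + Length))`, would reject only buffers with bytes after the EndTag. ThisAmlLength also starts at 0 and advances in lockstep with Offset, so `Offset + Length` could serve without the extra variable. The body of AcpiUtWalkAmlResources starts and ends outside these hunks.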
