Skip to content

Commit

Permalink
APEI: Make sure event data fit into the buffer.
Browse files Browse the repository at this point in the history 
There seem to be systems returning some garbage here.  I still don't
know why, but at least I hope this check fix indefinite printf loop.

MFC after:	2 weeks

(cherry picked from commit 3b248a2)
  • Loading branch information
@amotin @fichtner
amotin authored and fichtner committed Feb 15, 2022
1 parent 239b52c commit 10d43e4
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions sys/dev/acpica/acpi_apei.c
View file
Expand Up @@ -371,8 +371,9 @@ apei_ge_handler(struct apei_ge *ge, bool copy)
uint8_t *buf = copy ? ge->copybuf : ge->buf;
ACPI_HEST_GENERIC_STATUS *ges = (ACPI_HEST_GENERIC_STATUS *)buf;
ACPI_HEST_GENERIC_DATA *ged;
size_t off, len;
uint32_t sev;
int i, c, off;
int i, c;

if (ges == NULL || ges->BlockStatus == 0)
return (0);
Expand All @@ -381,8 +382,11 @@ apei_ge_handler(struct apei_ge *ge, bool copy)
sev = ges->ErrorSeverity;

/* Process error entries. */
for (off = i = 0; i < c && off + sizeof(*ged) <= ges->DataLength; i++) {
len = MIN(ge->v1.ErrorBlockLength - sizeof(*ges), ges->DataLength);
for (off = i = 0; i < c && off + sizeof(*ged) <= len; i++) {
ged = (ACPI_HEST_GENERIC_DATA *)&buf[sizeof(*ges) + off];
if ((uint64_t)GED_SIZE(ged) + ged->ErrorDataLength > len - off)
break;
apei_ged_handler(ged);
off += GED_SIZE(ged) + ged->ErrorDataLength;
}
Expand Down

0 comments on commit 10d43e4

Please sign in to comment.