nvdimm: fix header pointer in nvdimm_build_nfit()

In the current nvdimm_build_nfit(), the pointer 'header' initially equals to table_data->data + table_data->len. However, the following g_array_append_vals(table_data, structures->data, structures->len) may resize and relocate table_data->data[]. Therefore, the usage of 'header' afterwards may be illegal. This patch fixes this issue by storing an offset within table_data->data[] (rather than an address) in 'header'. Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
qemu · Jan 8, 2016 · c8e6c93 · c8e6c93
1 parent 6bb9ead
commit c8e6c93
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
@@ -353,16 +353,18 @@ static void nvdimm_build_nfit(GSList *device_list, GArray *table_offsets,
                               GArray *table_data, GArray *linker)
 {
     GArray *structures = nvdimm_build_device_structure(device_list);
-    void *header;
+    unsigned int header;
 
     acpi_add_table(table_offsets, table_data);
 
     /* NFIT header. */
-    header = acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
+    header = table_data->len;
+    acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
     /* NVDIMM device structures. */
     g_array_append_vals(table_data, structures->data, structures->len);
 
-    build_header(linker, table_data, header, "NFIT",
+    build_header(linker, table_data,
+                 (void *)(table_data->data + header), "NFIT",
                  sizeof(NvdimmNfitHeader) + structures->len, 1, NULL);
     g_array_free(structures, true);
 }