ACPI: APEI: Fix possible out-of-bounds access to BERT region (1c0d9b1c) · Commits · e / devices / android_kernel_fairphone_FP5

drivers/acpi/apei/bert.c

+10 −13

Original line number	Diff line number	Diff line
		@@ -42,22 +42,23 @@ static void __init bert_print_all(struct acpi_bert_region *region,
		int remain = region_len;
		u32 estatus_len;

		while (remain >= sizeof(struct acpi_bert_region)) {
		estatus_len = cper_estatus_len(estatus);
		if (remain < estatus_len) {
		pr_err(FW_BUG "Truncated status block (length: %u).\n",
		estatus_len);
		return;
		}

		/* No more error records. */
		if (!estatus->block_status)
		return;

		while (remain > sizeof(struct acpi_bert_region)) {
		if (cper_estatus_check(estatus)) {
		pr_err(FW_BUG "Invalid error record.\n");
		return;
		}

		estatus_len = cper_estatus_len(estatus);
		if (remain < estatus_len) {
		pr_err(FW_BUG "Truncated status block (length: %u).\n",
		estatus_len);
		return;
		}

		pr_info_once("Error records from previous boot:\n");

		cper_estatus_print(KERN_INFO HW_ERR, estatus);
		@@ -70,10 +71,6 @@ static void __init bert_print_all(struct acpi_bert_region *region,
		estatus->block_status = 0;

		estatus = (void *)estatus + estatus_len;
		/* No more error records. */
		if (!estatus->block_status)
		return;

		remain -= estatus_len;
		}
		}