Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a5bb996 authored by Lin Ming's avatar Lin Ming Committed by Len Brown
Browse files

ACPICA: Fix to handle NULL package elements correctly 

Fixed problem where NULL package elements were not returned to
the AcpiEvaluateObject interface correctly. Instead of returning a
NULL ACPI_OBJECT package element, the element was simply ignored,
potentially causing a buffer overflow and/or confusing the caller
who expected a fixed number of elements.

http://bugzilla.kernel.org/show_bug.cgi?id=10132



Signed-off-by: default avatarLin Ming <ming.m.lin@intel.com>
Signed-off-by: default avatarBob Moore <robert.moore@intel.com>
Signed-off-by: default avatarAlexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: default avatarLen Brown <len.brown@intel.com>
parent 0ba7d25c

drivers/acpi/utilities/utobject.c

+2 −3
Original line number Diff line number Diff line
@@ -470,9 +470,8 @@ acpi_ut_get_simple_object_size(union acpi_operand_object *internal_object, 
	case ACPI_TYPE_PROCESSOR:

	case ACPI_TYPE_POWER:



		/*

		 * No extra data for these types

		 */

		/* No extra data for these types */



		break;



	case ACPI_TYPE_LOCAL_REFERENCE:

include/acpi/actypes.h

+17 −12
Original line number Diff line number Diff line
@@ -639,46 +639,51 @@ typedef u8 acpi_adr_space_type; 
/*

 * External ACPI object definition

 */



/*

 * Note: Type == ACPI_TYPE_ANY (0) is used to indicate a NULL package element

 * or an unresolved named reference.

 */

union acpi_object {

	acpi_object_type type;	/* See definition of acpi_ns_type for values */

	struct {

		acpi_object_type type;

		acpi_object_type type;	/* ACPI_TYPE_INTEGER */

		acpi_integer value;	/* The actual number */

	} integer;



	struct {

		acpi_object_type type;

		acpi_object_type type;	/* ACPI_TYPE_STRING */

		u32 length;	/* # of bytes in string, excluding trailing null */

		char *pointer;	/* points to the string value */

	} string;



	struct {

		acpi_object_type type;

		acpi_object_type type;	/* ACPI_TYPE_BUFFER */

		u32 length;	/* # of bytes in buffer */

		u8 *pointer;	/* points to the buffer */

	} buffer;



	struct {

		acpi_object_type type;

		u32 fill1;

		acpi_handle handle;	/* object reference */

	} reference;



	struct {

		acpi_object_type type;

		acpi_object_type type;	/* ACPI_TYPE_PACKAGE */

		u32 count;	/* # of elements in package */

		union acpi_object *elements;	/* Pointer to an array of ACPI_OBJECTs */

	} package;



	struct {

		acpi_object_type type;

		acpi_object_type type;	/* ACPI_TYPE_LOCAL_REFERENCE */

		acpi_object_type actual_type;	/* Type associated with the Handle */

		acpi_handle handle;	/* object reference */

	} reference;



	struct {

		acpi_object_type type;	/* ACPI_TYPE_PROCESSOR */

		u32 proc_id;

		acpi_io_address pblk_address;

		u32 pblk_length;

	} processor;



	struct {

		acpi_object_type type;

		acpi_object_type type;	/* ACPI_TYPE_POWER */

		u32 system_level;

		u32 resource_order;

	} power_resource;