Commit 47c08729 authored by Lin Ming's avatar Lin Ming Committed by Len Brown

ACPICA: Fix for LoadTable operator, input strings

Fixed a problem with the LoadTable operator where the OemId
and OemTableId input strings could cause unexpected failures if
they were shorter than the maximum lengths allowed.

http://www.acpica.org/bugzilla/show_bug.cgi?id=576Signed-off-by: default avatarLin Ming <ming.m.lin@intel.com>
Signed-off-by: default avatarBob Moore <robert.moore@intel.com>
Signed-off-by: default avatarAlexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: default avatarLen Brown <len.brown@intel.com>
parent 200cce6a
...@@ -236,7 +236,7 @@ acpi_ex_load_table_op(struct acpi_walk_state *walk_state, ...@@ -236,7 +236,7 @@ acpi_ex_load_table_op(struct acpi_walk_state *walk_state,
status = acpi_get_table_by_index(table_index, &table); status = acpi_get_table_by_index(table_index, &table);
if (ACPI_SUCCESS(status)) { if (ACPI_SUCCESS(status)) {
ACPI_INFO((AE_INFO, ACPI_INFO((AE_INFO,
"Dynamic OEM Table Load - [%4.4s] OemId [%6.6s] OemTableId [%8.8s]", "Dynamic OEM Table Load - [%.4s] OemId [%.6s] OemTableId [%.8s]",
table->signature, table->oem_id, table->signature, table->oem_id,
table->oem_table_id)); table->oem_table_id));
} }
...@@ -472,8 +472,5 @@ acpi_status acpi_ex_unload_table(union acpi_operand_object *ddb_handle) ...@@ -472,8 +472,5 @@ acpi_status acpi_ex_unload_table(union acpi_operand_object *ddb_handle)
acpi_tb_set_table_loaded_flag(table_index, FALSE); acpi_tb_set_table_loaded_flag(table_index, FALSE);
/* Delete the table descriptor (ddb_handle) */
acpi_ut_remove_reference(table_desc);
return_ACPI_STATUS(AE_OK); return_ACPI_STATUS(AE_OK);
} }
...@@ -70,12 +70,22 @@ acpi_tb_find_table(char *signature, ...@@ -70,12 +70,22 @@ acpi_tb_find_table(char *signature,
{ {
acpi_native_uint i; acpi_native_uint i;
acpi_status status; acpi_status status;
struct acpi_table_header header;
ACPI_FUNCTION_TRACE(tb_find_table); ACPI_FUNCTION_TRACE(tb_find_table);
/* Normalize the input strings */
ACPI_MEMSET(&header, 0, sizeof(struct acpi_table_header));
ACPI_STRNCPY(header.signature, signature, ACPI_NAME_SIZE);
ACPI_STRNCPY(header.oem_id, oem_id, ACPI_OEM_ID_SIZE);
ACPI_STRNCPY(header.oem_table_id, oem_table_id, ACPI_OEM_TABLE_ID_SIZE);
/* Search for the table */
for (i = 0; i < acpi_gbl_root_table_list.count; ++i) { for (i = 0; i < acpi_gbl_root_table_list.count; ++i) {
if (ACPI_MEMCMP(&(acpi_gbl_root_table_list.tables[i].signature), if (ACPI_MEMCMP(&(acpi_gbl_root_table_list.tables[i].signature),
signature, ACPI_NAME_SIZE)) { header.signature, ACPI_NAME_SIZE)) {
/* Not the requested table */ /* Not the requested table */
...@@ -104,20 +114,24 @@ acpi_tb_find_table(char *signature, ...@@ -104,20 +114,24 @@ acpi_tb_find_table(char *signature,
if (!ACPI_MEMCMP if (!ACPI_MEMCMP
(acpi_gbl_root_table_list.tables[i].pointer->signature, (acpi_gbl_root_table_list.tables[i].pointer->signature,
signature, ACPI_NAME_SIZE) && (!oem_id[0] header.signature, ACPI_NAME_SIZE) && (!oem_id[0]
|| ||
!ACPI_MEMCMP !ACPI_MEMCMP
(acpi_gbl_root_table_list. (acpi_gbl_root_table_list.
tables[i].pointer->oem_id, tables[i].pointer->
oem_id, ACPI_OEM_ID_SIZE)) oem_id,
header.oem_id,
ACPI_OEM_ID_SIZE))
&& (!oem_table_id[0] && (!oem_table_id[0]
|| !ACPI_MEMCMP(acpi_gbl_root_table_list.tables[i]. || !ACPI_MEMCMP(acpi_gbl_root_table_list.tables[i].
pointer->oem_table_id, oem_table_id, pointer->oem_table_id,
header.oem_table_id,
ACPI_OEM_TABLE_ID_SIZE))) { ACPI_OEM_TABLE_ID_SIZE))) {
*table_index = i; *table_index = i;
ACPI_DEBUG_PRINT((ACPI_DB_TABLES, ACPI_DEBUG_PRINT((ACPI_DB_TABLES,
"Found table [%4.4s]\n", signature)); "Found table [%4.4s]\n",
header.signature));
return_ACPI_STATUS(AE_OK); return_ACPI_STATUS(AE_OK);
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment