From f5d0a8f7c7d2ececc8deb790f7a77082fc438b7b Mon Sep 17 00:00:00 2001
From: Ed Maste
Date: Thu, 6 Jul 2017 14:35:47 +0000
Subject: [PATCH] acpidump: warn and exit loop on invalid subtable length

Submitted by: Guangyuan Yang
Sponsored by: The FreeBSD Foundation
---
 usr.sbin/acpi/acpidump/acpi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/usr.sbin/acpi/acpidump/acpi.c b/usr.sbin/acpi/acpidump/acpi.c
index d056023c1b3c..9b6a76983d92 100644
--- a/usr.sbin/acpi/acpidump/acpi.c
+++ b/usr.sbin/acpi/acpidump/acpi.c
@@ -270,6 +270,10 @@ acpi_walk_subtables(ACPI_TABLE_HEADER *table, void *first,
 end = (char *)table + table->Length;
 while ((char *)subtable < end) {
 printf("\n");
+ if (subtable->Length < sizeof(ACPI_SUBTABLE_HEADER)) {
+ warnx("invalid subtable length %u", subtable->Length);
+ return;
+ }
 action(subtable);
 subtable = (ACPI_SUBTABLE_HEADER *)((char *)subtable +
 subtable->Length);
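Review bot: The added guard rejects a `Length` smaller than the header but not one that runs past `end`, so `action(subtable)` can still be handed a subtable whose claimed extent lies beyond `table->Length` and read outside the table. The loop condition `(char *)subtable < end` also guarantees only one remaining byte, so the read of `subtable->Length` can itself fall past the table when the previous entry ends one byte short of `end`. Checking the remaining space first closes both cases: `size_t left = (size_t)(end - (char *)subtable);` followed by `if (left < sizeof(ACPI_SUBTABLE_HEADER) || subtable->Length < sizeof(ACPI_SUBTABLE_HEADER) || subtable->Length > left) {`. A short comment such as `/* Length comes from firmware tables; never trust it to stay inside the parent table. */` would record why the check exists. The body of acpi_walk_subtables starts and ends outside this hunk, so whether `table->Length` is validated against the mapped size earlier cannot be confirmed from here.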