Sanity check ptr for legal values so it is less likely

(but not impossible) to get stuck in an infinite loop. Obtained from: msmith@freebsd.org
2001-01-01 16:49:31 +00:00 · 2001-01-01 16:49:31 +00:00 · afd27fce94
commit afd27fce94
parent 5bbc321312
1 changed files with 6 additions and 0 deletions
--- a/sys/dev/pci/pci.c
+++ b/sys/dev/pci/pci.c
@ -379,6 +379,12 @@ pci_read_extcap(device_t pcib, pcicfgregs *cfg)
 	 * Read capability entries.
 	 */
 	while (nextptr != 0) {
+		/* Sanity check */
+		if (nextptr > 255) {
+			printf("illegal PCI extended capability offset %d\n",
+			    nextptr);
+			return;
+		}
 		/* Find the next entry */
 		ptr = nextptr;
 		nextptr = REG(ptr + 1, 1);