ACK: [PATCH] acpi: acpitables: make length and skip signed to handle -ve underflow (LP: #1435272)

[ivanhu]

On 2015年03月23日 19:22, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> Make sizes signed so that large skips that are too long make length
> underflow rather than wrap around causing a null pointer dereference
> and hence a SEGFAULT.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
>   src/acpi/acpitables/acpitables.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/acpi/acpitables/acpitables.c b/src/acpi/acpitables/acpitables.c
> index fb5639a..ab75aca 100644
> --- a/src/acpi/acpitables/acpitables.c
> +++ b/src/acpi/acpitables/acpitables.c
> @@ -312,7 +312,7 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl
>   	fwts_acpi_table_madt *madt = (fwts_acpi_table_madt*)table->data;
>   	fwts_list msi_frame_ids;
>   	const uint8_t *data = table->data;
> -	size_t length = table->length;
> +	ssize_t length = table->length;
>   	int i = 0;
>   
>   	fwts_list_init(&msi_frame_ids);
> @@ -326,9 +326,9 @@ static void acpi_table_check_madt(fwts_framework *fw, fwts_acpi_table_info *tabl
>   	data += sizeof(fwts_acpi_table_madt);
>   	length -= sizeof(fwts_acpi_table_madt);
>   
> -	while (length > sizeof(fwts_acpi_madt_sub_table_header)) {
> +	while (length > (ssize_t)sizeof(fwts_acpi_madt_sub_table_header)) {
>   		fwts_acpi_madt_sub_table_header *hdr = (fwts_acpi_madt_sub_table_header*)data;
> -		size_t skip = 0;
> +		ssize_t skip = 0;
>   		i++;
>   
>   		data += sizeof(fwts_acpi_madt_sub_table_header);

Acked-by: Ivan Hu <ivan.hu at canonical.com>