Date: Mon, 14 Feb 2011 13:33:04 -0500 From: John Baldwin <jhb@freebsd.org> To: Matthew D Fleming <mdf@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r218685 - head/sys/dev/acpica Message-ID: <201102141333.05054.jhb@freebsd.org> In-Reply-To: <201102141720.p1EHKKeU000451@svn.freebsd.org> References: <201102141720.p1EHKKeU000451@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday, February 14, 2011 12:20:20 pm Matthew D Fleming wrote: > Author: mdf > Date: Mon Feb 14 17:20:20 2011 > New Revision: 218685 > URL: http://svn.freebsd.org/changeset/base/218685 > > Log: > Prevent reading from the ACPI_RESOURCE past its actual end. For > paranoia limit to the size of the ACPI_RESOURCE as well. I think in practice that len would never be > sizeof(ACPI_RESOURCE). You could probably get by with using a KASSERT() instead: KASSERT(res->Length <= sizeof(ACPI_RESOURCE), "resource too large")); bcopy(res, req->acpi_res, res->Length); -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201102141333.05054.jhb>