Date:      Mon, 14 Feb 2011 10:47:17 -0800
From:      mdf@FreeBSD.org
To:        John Baldwin <jhb@freebsd.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r218685 - head/sys/dev/acpica
Message-ID:  <AANLkTi=ig=6vocB9=mYSg4ChG-wF9j0tmQUOW4hRMbQk@mail.gmail.com>
In-Reply-To: <201102141333.05054.jhb@freebsd.org>
References:  <201102141720.p1EHKKeU000451@svn.freebsd.org> <201102141333.05054.jhb@freebsd.org>

On Mon, Feb 14, 2011 at 10:33 AM, John Baldwin <jhb@freebsd.org> wrote:
> On Monday, February 14, 2011 12:20:20 pm Matthew D Fleming wrote:
>> Author: mdf
>> Date: Mon Feb 14 17:20:20 2011
>> New Revision: 218685
>> URL: http://svn.freebsd.org/changeset/base/218685
>>
>> Log:
>>   Prevent reading from the ACPI_RESOURCE past its actual end.  For
>>   paranoia limit to the size of the ACPI_RESOURCE as well.
>
> I think in practice that len would never be > sizeof(ACPI_RESOURCE).
>
> You could probably get by with using a KASSERT() instead:
>
>        KASSERT(res->Length <= sizeof(ACPI_RESOURCE), ("resource too large"));
>        bcopy(res, req->acpi_res, res->Length);

Thanks.  I wanted to be paranoid since the problem was sporadic.

Anyone who can better test this code should feel free to modify it further.

Thanks,
matthew
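
The length clamp discussed in this thread, modeled in user-space C as an added example (not the committed FreeBSD code and not either poster's): demo_hdr, demo_resource and demo_copy_resource are hypothetical stand-ins for ACPI_RESOURCE and the copy in question. It goes slightly beyond the thread by also rejecting a Length shorter than the header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for ACPI_RESOURCE: a fixed header followed by a
 * payload area sized for the largest record.  Length is the number of
 * bytes that are actually valid in a given record, header included. */
struct demo_hdr {
	uint32_t Type;
	uint32_t Length;
};

struct demo_resource {
	struct demo_hdr Hdr;
	uint8_t Data[56];
};

/*
 * Copy a variable-length record into a full-size destination.
 *
 * Copying sizeof(struct demo_resource) unconditionally would read past
 * the end of a short source record.  Copying src's Length unconditionally
 * would overrun dst if Length were ever larger than the structure.  The
 * copy is therefore bounded by both.  An assertion alone is not a bound:
 * KASSERT() is only checked in kernels built with INVARIANTS.
 *
 * Returns the number of bytes copied, or 0 if Length is too small to
 * cover the header.  Bytes of dst that are not copied are zeroed.
 */
size_t
demo_copy_resource(struct demo_resource *dst, const void *src)
{
	struct demo_hdr hdr;
	size_t len;

	memset(dst, 0, sizeof(*dst));
	memcpy(&hdr, src, sizeof(hdr));	/* header is always present */
	len = hdr.Length;
	if (len < sizeof(hdr))
		return (0);		/* malformed: shorter than its header */
	if (len > sizeof(*dst))
		len = sizeof(*dst);	/* never write past the destination */
	memcpy(dst, src, len);		/* never read past the source's end */
	return (len);
}
```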

