diff options
author | Lin Ming <ming.m.lin@intel.com> | 2008-04-10 19:06:43 +0400 |
---|---|---|
committer | Len Brown <len.brown@intel.com> | 2008-04-22 15:35:19 -0400 |
commit | 7a5bb9964512c5313af19310c6a3002ec54f7336 (patch) | |
tree | 2508740652210f8115c7237e8763238d909106ef /include/acpi | |
parent | 0ba7d25c70699cdd3e06fc049d8884ee54b9d5db (diff) | |
download | lwn-7a5bb9964512c5313af19310c6a3002ec54f7336.tar.gz lwn-7a5bb9964512c5313af19310c6a3002ec54f7336.zip |
ACPICA: Fix to handle NULL package elements correctly
Fixed problem where NULL package elements were not returned to
the AcpiEvaluateObject interface correctly. Instead of returning a
NULL ACPI_OBJECT package element, the element was simply ignored,
potentially causing a buffer overflow and/or confusing the caller
who expected a fixed number of elements.
http://bugzilla.kernel.org/show_bug.cgi?id=10132
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'include/acpi')
-rw-r--r-- | include/acpi/actypes.h | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h index 599657eac2d4..75ec153338e7 100644 --- a/include/acpi/actypes.h +++ b/include/acpi/actypes.h @@ -639,46 +639,51 @@ typedef u8 acpi_adr_space_type; /* * External ACPI object definition */ + +/* + * Note: Type == ACPI_TYPE_ANY (0) is used to indicate a NULL package element + * or an unresolved named reference. + */ union acpi_object { acpi_object_type type; /* See definition of acpi_ns_type for values */ struct { - acpi_object_type type; + acpi_object_type type; /* ACPI_TYPE_INTEGER */ acpi_integer value; /* The actual number */ } integer; struct { - acpi_object_type type; + acpi_object_type type; /* ACPI_TYPE_STRING */ u32 length; /* # of bytes in string, excluding trailing null */ char *pointer; /* points to the string value */ } string; struct { - acpi_object_type type; + acpi_object_type type; /* ACPI_TYPE_BUFFER */ u32 length; /* # of bytes in buffer */ u8 *pointer; /* points to the buffer */ } buffer; struct { - acpi_object_type type; - u32 fill1; - acpi_handle handle; /* object reference */ - } reference; - - struct { - acpi_object_type type; + acpi_object_type type; /* ACPI_TYPE_PACKAGE */ u32 count; /* # of elements in package */ union acpi_object *elements; /* Pointer to an array of ACPI_OBJECTs */ } package; struct { - acpi_object_type type; + acpi_object_type type; /* ACPI_TYPE_LOCAL_REFERENCE */ + acpi_object_type actual_type; /* Type associated with the Handle */ + acpi_handle handle; /* object reference */ + } reference; + + struct { + acpi_object_type type; /* ACPI_TYPE_PROCESSOR */ u32 proc_id; acpi_io_address pblk_address; u32 pblk_length; } processor; struct { - acpi_object_type type; + acpi_object_type type; /* ACPI_TYPE_POWER */ u32 system_level; u32 resource_order; } power_resource; |