acpi-fpdt: break on zero or negative length read
https://bugzilla.redhat.com/show_bug.cgi?id=1027478
This commit is contained in:
parent
fd201fda7d
commit
f576cd2092
|
@ -109,6 +109,8 @@ int acpi_get_boot_usec(usec_t *loader_start, usec_t *loader_exit) {
|
|||
for (rec = (struct acpi_fpdt_header *)(buf + sizeof(struct acpi_table_header));
|
||||
(char *)rec < buf + l;
|
||||
rec = (struct acpi_fpdt_header *)((char *)rec + rec->length)) {
|
||||
if (rec->length <= 0)
|
||||
break;
|
||||
if (rec->type != ACPI_FPDT_TYPE_BOOT)
|
||||
continue;
|
||||
if (rec->length != sizeof(struct acpi_fpdt_header))
|
||||
|
|
Loading…
Reference in a new issue