Commit 8b83a8d

Avoid sequence overread in call to strncmp()
ApGetTableLength checks if tables are valid by calling ApIsValidHeader. The latter then calls ACPI_VALIDATE_RSDP_SIG(Table->Signature).

ApIsValidHeader accepts ACPI_TABLE_HEADER as an argument, so the signature size is always fixed to 4 bytes.

The problem is when the string comparison is between ACPI-defined table signature and ACPI_SIG_RSDP. Common ACPI table header specifies the Signature field to be 4 bytes long[1], with the exception of the RSDP structure whose signature is 8 bytes long "RSD PTR " (including the trailing blank character)[2]. Calling strncmp(sig, rsdp_sig, 8) would then result in a sequence overread[3] as sig would be smaller (4 bytes) than the specified bound (8 bytes).

As a workaround, pass the bound conditionally based on the size of the signature being passed.

[1] https://uefi.org/specs/ACPI/6.5_A/05_ACPI_Software_Programming_Model.html#system-description-table-header
[2] https://uefi.org/specs/ACPI/6.5_A/05_ACPI_Software_Programming_Model.html#root-system-description-pointer-rsdp-structure
[3] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wstringop-overread

Signed-off-by: Ahmed Salem <[email protected]>
1 parent 239e8c3 commit 8b83a8d

1 file changed

+1
-1
lines changed

source/include/actypes.h

Lines changed: 1 addition & 1 deletion
@@ -678,7 +678,7 @@ typedef UINT64 ACPI_INTEGER;
678678

679679
/* Support for the special RSDP signature (8 characters) */
680680

681-
#define ACPI_VALIDATE_RSDP_SIG(a) (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_SIG_RSDP, 8))
681+
#define ACPI_VALIDATE_RSDP_SIG(a) (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_SIG_RSDP, (sizeof(a) < 8) ? ACPI_NAMESEG_SIZE : 8))
682682
#define ACPI_MAKE_RSDP_SIG(dest) (memcpy (ACPI_CAST_PTR (char, (dest)), ACPI_SIG_RSDP, 8))
683683

684684
/* Support for OEMx signature (x can be any character) */
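
Review bot: On the added line 681, the bound is selected with sizeof(a), which measures the type of the macro argument and not the buffer it refers to, so the fix only holds when the caller passes an array expression such as Table->Signature. If a caller passes a char * or any other pointer, sizeof(a) is the pointer width: on a 64-bit build the bound stays 8 and the overread on a 4-byte signature remains, while on a 32-bit build a genuine 8-byte RSDP signature is compared on only ACPI_NAMESEG_SIZE bytes. With the short bound the macro also evaluates to true for any signature whose first four bytes are "RSD ", so in that case it no longer validates the full "RSD PTR " value its name implies. Suggest extending the comment above the macro to state that the argument must be an array (not a pointer) and that a 4-byte argument gets a prefix-only match, or, if no caller depends on the prefix match, making the short-signature case evaluate to false instead of running a shortened compare.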
