summaryrefslogtreecommitdiffstats
path: root/arch/x86
diff options
context:
space:
mode:
authorJan Beulich <JBeulich@suse.com>2012-11-07 17:46:08 +0100
committerH. Peter Anvin <hpa@linux.intel.com>2012-11-14 17:49:34 +0100
commit5d6d578c170bb280db5d4779f666e456f4f82ec5 (patch)
tree188f5a32ff431bbc72a3d3466fa82f562f6f110a /arch/x86
parentefivarfs: Use query_variable_info() to limit kmalloc() (diff)
downloadlinux-5d6d578c170bb280db5d4779f666e456f4f82ec5.tar.xz
linux-5d6d578c170bb280db5d4779f666e456f4f82ec5.zip
x86, efi: Check table header length in efi_bgrt_init()
Header length should be validated for all ACPI tables before accessing any non-header field. Signed-off-by: Jan Beulich <jbeulich@suse.com> Link: http://lkml.kernel.org/r/509A9E6002000078000A7079@nat28.tlf.novell.com Acked-by: Matt Fleming <matt.fleming@intel.com> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Diffstat (limited to 'arch/x86')
-rw-r--r--arch/x86/platform/efi/efi-bgrt.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/x86/platform/efi/efi-bgrt.c b/arch/x86/platform/efi/efi-bgrt.c
index f6a0c1b8e518..d9c1b95af17c 100644
--- a/arch/x86/platform/efi/efi-bgrt.c
+++ b/arch/x86/platform/efi/efi-bgrt.c
@@ -39,6 +39,8 @@ void efi_bgrt_init(void)
if (ACPI_FAILURE(status))
return;
+ if (bgrt_tab->header.length < sizeof(*bgrt_tab))
+ return;
if (bgrt_tab->version != 1)
return;
if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address)