Commit 7a5bb996 authored by Lin Ming's avatar Lin Ming Committed by Len Brown

ACPICA: Fix to handle NULL package elements correctly

Fixed problem where NULL package elements were not returned to
the AcpiEvaluateObject interface correctly. Instead of returning a
NULL ACPI_OBJECT package element, the element was simply ignored,
potentially causing a buffer overflow and/or confusing the caller
who expected a fixed number of elements.

http://bugzilla.kernel.org/show_bug.cgi?id=10132Signed-off-by: default avatarLin Ming <ming.m.lin@intel.com>
Signed-off-by: default avatarBob Moore <robert.moore@intel.com>
Signed-off-by: default avatarAlexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: default avatarLen Brown <len.brown@intel.com>
parent 0ba7d25c
...@@ -470,9 +470,8 @@ acpi_ut_get_simple_object_size(union acpi_operand_object *internal_object, ...@@ -470,9 +470,8 @@ acpi_ut_get_simple_object_size(union acpi_operand_object *internal_object,
case ACPI_TYPE_PROCESSOR: case ACPI_TYPE_PROCESSOR:
case ACPI_TYPE_POWER: case ACPI_TYPE_POWER:
/* /* No extra data for these types */
* No extra data for these types
*/
break; break;
case ACPI_TYPE_LOCAL_REFERENCE: case ACPI_TYPE_LOCAL_REFERENCE:
......
...@@ -639,46 +639,51 @@ typedef u8 acpi_adr_space_type; ...@@ -639,46 +639,51 @@ typedef u8 acpi_adr_space_type;
/* /*
* External ACPI object definition * External ACPI object definition
*/ */
/*
* Note: Type == ACPI_TYPE_ANY (0) is used to indicate a NULL package element
* or an unresolved named reference.
*/
union acpi_object { union acpi_object {
acpi_object_type type; /* See definition of acpi_ns_type for values */ acpi_object_type type; /* See definition of acpi_ns_type for values */
struct { struct {
acpi_object_type type; acpi_object_type type; /* ACPI_TYPE_INTEGER */
acpi_integer value; /* The actual number */ acpi_integer value; /* The actual number */
} integer; } integer;
struct { struct {
acpi_object_type type; acpi_object_type type; /* ACPI_TYPE_STRING */
u32 length; /* # of bytes in string, excluding trailing null */ u32 length; /* # of bytes in string, excluding trailing null */
char *pointer; /* points to the string value */ char *pointer; /* points to the string value */
} string; } string;
struct { struct {
acpi_object_type type; acpi_object_type type; /* ACPI_TYPE_BUFFER */
u32 length; /* # of bytes in buffer */ u32 length; /* # of bytes in buffer */
u8 *pointer; /* points to the buffer */ u8 *pointer; /* points to the buffer */
} buffer; } buffer;
struct { struct {
acpi_object_type type; acpi_object_type type; /* ACPI_TYPE_PACKAGE */
u32 fill1;
acpi_handle handle; /* object reference */
} reference;
struct {
acpi_object_type type;
u32 count; /* # of elements in package */ u32 count; /* # of elements in package */
union acpi_object *elements; /* Pointer to an array of ACPI_OBJECTs */ union acpi_object *elements; /* Pointer to an array of ACPI_OBJECTs */
} package; } package;
struct { struct {
acpi_object_type type; acpi_object_type type; /* ACPI_TYPE_LOCAL_REFERENCE */
acpi_object_type actual_type; /* Type associated with the Handle */
acpi_handle handle; /* object reference */
} reference;
struct {
acpi_object_type type; /* ACPI_TYPE_PROCESSOR */
u32 proc_id; u32 proc_id;
acpi_io_address pblk_address; acpi_io_address pblk_address;
u32 pblk_length; u32 pblk_length;
} processor; } processor;
struct { struct {
acpi_object_type type; acpi_object_type type; /* ACPI_TYPE_POWER */
u32 system_level; u32 system_level;
u32 resource_order; u32 resource_order;
} power_resource; } power_resource;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment