diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2013-03-21 00:23:18 +0100 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2013-04-04 19:23:08 -0500 |
| commit | e980f2bf0a39cb524259bb70084e0f75b92c8f39 (patch) | |
| tree | b0bb01da2fe03f5b55c8aec249cac1d6ffcb0537 /arch_init.c | |
| parent | 0c764a9dfc0d480c21f325480aa2e69581841858 (diff) | |
| download | qemu-e980f2bf0a39cb524259bb70084e0f75b92c8f39.tar.gz | |
acpi_table_add(): extract and reimplement internals
The new function acpi_table_install() installs any blob the caller passes
in. In the next patches this function will be promoted from helper role to
extern.
Reimplementing the logic should make it easier to understand. It also
removes a buffer overflow when
has_header &&
cumulative_file_size < ACPI_TABLE_HDR_SIZE - ACPI_TABLE_PFX_SIZE
(In that case the g_realloc() call in the read() loop used to shrink the
"acpi_tables" array, causing an out-of-bounds read access when copying the
header out of "acpi_tables".)
The new code isn't more daring alignment-wise than its predecessor:
"acpi_table_header" is packed, and the uint32_t fields are at offsets 6,
26, and 34.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1363821803-3380-7-git-send-email-lersek@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'arch_init.c')
0 files changed, 0 insertions, 0 deletions