git.proxmox.com Git - mirror

ShellPkg: acpiview: Prevent infinite loop if structure length is 0

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2534

Extend validation of ACPI structure lengths which are read from the
ACPI table being parsed. Additionally check if the structure 'Length'
field value is positive. If not, stop parsing the faulting table.

Some ACPI tables define internal structures of variable size. The
'Length' field inside the substructure is used to update a pointer used
for table traversal. If the byte-length of the structure is equal to 0,
acpiview can enter an infinite loop. This condition can occur if, for
example, the zero-allocated ACPI table buffer is not fully populated.
This is typically a bug on the ACPI table writer side.

In short, this method helps acpiview recover gracefully from a
zero-valued ACPI structure length.

Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>

author	Krzysztof Koch <krzysztof.koch@arm.com>
	Wed, 19 Feb 2020 10:23:38 +0000 (18:23 +0800)
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
	Thu, 20 Feb 2020 09:27:00 +0000 (09:27 +0000)
commit	b85048261aa5dc0b8fd98ddc4431d8c2a6389b25
tree	8c5c1528ce334e0553000821b76af8729f06b35b	tree
parent	70228e101e67445dadec2756c61785289b060402	commit \| diff

ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c		diff \| blob \| blame \| history
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c		diff \| blob \| blame \| history
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c		diff \| blob \| blame \| history
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c		diff \| blob \| blame \| history
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c		diff \| blob \| blame \| history
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c		diff \| blob \| blame \| history