For fields outside the buffer length provided, reset any pointers,
which were supposed to be updated by a ParseAcpi() function call to
NULL. This way one can easily validate if a pointer was successfully
updated.
The ParseAcpi() function parses the given ACPI table buffer by a
number of bytes which is a minimum of the buffer length and the length
described by ACPI_PARSER array. If the buffer length is shorter than
the array describing how to process the ACPI structure, then it is
possible that the ItemPtr inside ACPI_PARSER may not get updated or
initialized. This can lead to an error if the value pointed to by
ItemPtr is later used to control the parsing logic.
A typical example would be a 'number of elements' field in an ACPI
structure header which defines how many substructures of a given type
are present in the structure body. If the 'number of elements' field
is not parsed, we will have a dangling pointer which could cause a
problem later.
Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
\r
for (Index = 0; Index < ParserItems; Index++) {\r
if ((Offset + Parser[Index].Length) > Length) {\r
+\r
+ // For fields outside the buffer length provided, reset any pointers\r
+ // which were supposed to be updated by this function call\r
+ if (Parser[Index].ItemPtr != NULL) {\r
+ *Parser[Index].ItemPtr = NULL;\r
+ }\r
+\r
// We don't parse past the end of the max length specified\r
- break;\r
+ continue;\r
}\r
\r
if (GetConsistencyChecking () &&\r