[Concept] [PATCH 3/4] acpi: Check ACPI revision before accessing XSDT

From: Simon Glass <sjg@chromium.org> This field is only present in revisions after zero, so add the missing check. This avoids a buffer overrun with a revision 1.0 ACPI table. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de> --- lib/acpi/acpi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/acpi/acpi.c b/lib/acpi/acpi.c index b13cba1a608..698d17a02e8 100644 --- a/lib/acpi/acpi.c +++ b/lib/acpi/acpi.c @@ -81,7 +81,7 @@ static int setup_search(struct acpi_rsdt **rsdtp, struct acpi_xsdt **xsdtp) return -ENOENT; if (!acpi_valid_rsdp(rsdp)) return -EINVAL; - if (rsdp->xsdt_address) { + if (rsdp->revision > 1 && rsdp->xsdt_address) { xsdt = nomap_sysmem(rsdp->xsdt_address, 0); len = xsdt->header.length - sizeof(xsdt->header); count = len / sizeof(u64); -- 2.43.0