sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ShellPkg: acpiview: Prevent infinite loop if structure length is 0

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2534

Extend validation of ACPI structure lengths which are read from the
ACPI table being parsed. Additionally check if the structure 'Length'
field value is positive. If not, stop parsing the faulting table.

Some ACPI tables define internal structures of variable size. The
'Length' field inside the substructure is used to update a pointer used
for table traversal. If the byte-length of the structure is equal to 0,
acpiview can enter an infinite loop. This condition can occur if, for
example, the zero-allocated ACPI table buffer is not fully populated.
This is typically a bug on the ACPI table writer side.

In short, this method helps acpiview recover gracefully from a
zero-valued ACPI structure length.

Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
This commit is contained in:
Krzysztof Koch
2020-02-19 18:23:38 +08:00
committed by mergify[bot]
parent 70228e101e
commit b85048261a
6 changed files with 47 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c
View File

@ -1,7 +1,7 @@
/** @file
DBG2 table parser
Copyright (c) 2016 - 2019, ARM Limited. All rights reserved.
Copyright (c) 2016 - 2020, ARM Limited. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Reference(s):
@ -282,15 +282,16 @@ ParseAcpiDbg2 (
return;
}
// Make sure the Debug Device Information structure lies inside the table.
if ((Offset + *DbgDevInfoLen) > AcpiTableLength) {
// Validate Debug Device Information Structure length
if ((*DbgDevInfoLen == 0) ||
((Offset + (*DbgDevInfoLen)) > AcpiTableLength)) {
IncrementErrorCount ();
Print (
L"ERROR: Invalid Debug Device Information structure length. " \
L"DbgDevInfoLen = %d. RemainingTableBufferLength = %d. " \
L"DBG2 parsing aborted.\n",
L"ERROR: Invalid Debug Device Information Structure length. " \
L"Length = %d. Offset = %d. AcpiTableLength = %d.\n",
*DbgDevInfoLen,
AcpiTableLength - Offset
Offset,
AcpiTableLength
);
return;
}