From: Vishal Verma Date: Tue, 27 Oct 2015 22:58:26 +0000 (-0600) Subject: nfit: in acpi_nfit_init, break on a 0-length table X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=564d501187317f8df79ddda173cf23735cbddd16;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git nfit: in acpi_nfit_init, break on a 0-length table If acpi_nfit_init is called (such as from nfit_test), with an nfit table that has more memory allocated than it needs (and a similarly large 'size' field, add_tables would happily keep adding null SPA Range tables filling up all available memory. Make it friendlier by breaking out if a 0-length header is found in any of the tables. Cc: Dan Williams Cc: Rafael J. Wysocki Cc: Cc: Signed-off-by: Vishal Verma Signed-off-by: Dan Williams --- diff --git a/drivers/acpi/nfit.c b/drivers/acpi/nfit.c index c1b8d03e262e..35b4b5693110 100644 --- a/drivers/acpi/nfit.c +++ b/drivers/acpi/nfit.c @@ -335,6 +335,12 @@ static void *add_table(struct acpi_nfit_desc *acpi_desc, void *table, return NULL; hdr = table; + if (!hdr->length) { + dev_warn(dev, "found a zero length table '%d' parsing nfit\n", + hdr->type); + return NULL; + } + switch (hdr->type) { case ACPI_NFIT_TYPE_SYSTEM_ADDRESS: if (!add_spa(acpi_desc, table))