summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLin Ming <ming.m.lin@intel.com>2008-04-10 19:06:43 +0400
committerLen Brown <len.brown@intel.com>2008-04-22 15:35:19 -0400
commit7a5bb9964512c5313af19310c6a3002ec54f7336 (patch)
tree2508740652210f8115c7237e8763238d909106ef
parent0ba7d25c70699cdd3e06fc049d8884ee54b9d5db (diff)
ACPICA: Fix to handle NULL package elements correctly
Fixed problem where NULL package elements were not returned to the AcpiEvaluateObject interface correctly. Instead of returning a NULL ACPI_OBJECT package element, the element was simply ignored, potentially causing a buffer overflow and/or confusing the caller who expected a fixed number of elements. http://bugzilla.kernel.org/show_bug.cgi?id=10132 Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
-rw-r--r--drivers/acpi/utilities/utobject.c5
-rw-r--r--include/acpi/actypes.h29
2 files changed, 19 insertions, 15 deletions
diff --git a/drivers/acpi/utilities/utobject.c b/drivers/acpi/utilities/utobject.c
index 1eccd3db876f..cdb8ff5b92d1 100644
--- a/drivers/acpi/utilities/utobject.c
+++ b/drivers/acpi/utilities/utobject.c
@@ -470,9 +470,8 @@ acpi_ut_get_simple_object_size(union acpi_operand_object *internal_object,
case ACPI_TYPE_PROCESSOR:
case ACPI_TYPE_POWER:
- /*
- * No extra data for these types
- */
+ /* No extra data for these types */
+
break;
case ACPI_TYPE_LOCAL_REFERENCE:
diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h
index 599657eac2d4..75ec153338e7 100644
--- a/include/acpi/actypes.h
+++ b/include/acpi/actypes.h
@@ -639,46 +639,51 @@ typedef u8 acpi_adr_space_type;
/*
* External ACPI object definition
*/
+
+/*
+ * Note: Type == ACPI_TYPE_ANY (0) is used to indicate a NULL package element
+ * or an unresolved named reference.
+ */
union acpi_object {
acpi_object_type type; /* See definition of acpi_ns_type for values */
struct {
- acpi_object_type type;
+ acpi_object_type type; /* ACPI_TYPE_INTEGER */
acpi_integer value; /* The actual number */
} integer;
struct {
- acpi_object_type type;
+ acpi_object_type type; /* ACPI_TYPE_STRING */
u32 length; /* # of bytes in string, excluding trailing null */
char *pointer; /* points to the string value */
} string;
struct {
- acpi_object_type type;
+ acpi_object_type type; /* ACPI_TYPE_BUFFER */
u32 length; /* # of bytes in buffer */
u8 *pointer; /* points to the buffer */
} buffer;
struct {
- acpi_object_type type;
- u32 fill1;
- acpi_handle handle; /* object reference */
- } reference;
-
- struct {
- acpi_object_type type;
+ acpi_object_type type; /* ACPI_TYPE_PACKAGE */
u32 count; /* # of elements in package */
union acpi_object *elements; /* Pointer to an array of ACPI_OBJECTs */
} package;
struct {
- acpi_object_type type;
+ acpi_object_type type; /* ACPI_TYPE_LOCAL_REFERENCE */
+ acpi_object_type actual_type; /* Type associated with the Handle */
+ acpi_handle handle; /* object reference */
+ } reference;
+
+ struct {
+ acpi_object_type type; /* ACPI_TYPE_PROCESSOR */
u32 proc_id;
acpi_io_address pblk_address;
u32 pblk_length;
} processor;
struct {
- acpi_object_type type;
+ acpi_object_type type; /* ACPI_TYPE_POWER */
u32 system_level;
u32 resource_order;
} power_resource;