In the current nvdimm_build_nfit(), the pointer 'header' initially equals table_data->data + table_data->len. However, the following g_array_append_vals(table_data, structures->data, structures->len) may resize and relocate table_data->data[]. Therefore, the usage of 'header' afterwards may be illegal. This patch fixes this issue by storing an offset within table_data->data[] (rather than an address) in 'header'. Signed-off-by: Haozhong Zhang <haozhong.zhang@xxxxxxxxx> Reviewed-by: Xiao Guangrong <guangrong.xiao@xxxxxxxxxxxxxxx> --- hw/acpi/nvdimm.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c index 348db35..7c4b931 100644 --- a/hw/acpi/nvdimm.c +++ b/hw/acpi/nvdimm.c @@ -356,16 +356,18 @@ static void nvdimm_build_nfit(GSList *device_list, GArray *table_offsets, GArray *table_data, GArray *linker) { GArray *structures = nvdimm_build_device_structure(device_list); - void *header; + unsigned int header; acpi_add_table(table_offsets, table_data); /* NFIT header. */ - header = acpi_data_push(table_data, sizeof(NvdimmNfitHeader)); + header = table_data->len; + acpi_data_push(table_data, sizeof(NvdimmNfitHeader)); /* NVDIMM device structures. */ g_array_append_vals(table_data, structures->data, structures->len); - build_header(linker, table_data, header, "NFIT", + build_header(linker, table_data, + (void *)(table_data->data + header), "NFIT", sizeof(NvdimmNfitHeader) + structures->len, 1, NULL); g_array_free(structures, true); } -- 2.4.8
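Review bot: the explicit `(void *)` cast in the build_header() call is unnecessary; `table_data->data + header` is already a `gchar *` and converts to `void *` implicitly, so `build_header(linker, table_data, table_data->data + header, "NFIT", ...)` reads cleaner and avoids hiding a future type mismatch behind a cast. Since `header` now holds an offset rather than an address, renaming it (for example to `header_offset`) would make that change of meaning visible at the use site instead of only in the declaration. The logic itself is correct: the offset is captured before acpi_data_push() grows the array, and the pointer is recomputed only after the final g_array_append_vals(), so no stale pointer into a reallocated buffer is dereferenced.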