On Mon, Jan 30, 2023 at 10:14 AM Armin Wolf <W_Armin@xxxxxx> wrote: > > Am 19.01.23 um 15:21 schrieb Armin Wolf: > > > On my Dell Inspiron 3505, the battery model name was displayed > > differently than when running Windows. While i first suspected an > > ACPI issue, it turned out that the real reason was the ACPI battery > > driver failing to handle strings larger than 32 bytes. > > > > This caused the model name of the battery (35 bytes long, hex string) > > to miss proper NUL-termination, resulting in a buffer overread later. > > Luckily, a valid string was stored right after the now invalid string, > > appending only the battery serial number to the original model name. > > > > The first patch fixes a potential buffer overread then handling buffers, > > while the second patch finally increases the maximum string length to > > avoid truncating such larger strings. > > > > The patch series was tested on a Dell Inspiron 3505 and appears > > to work properly. > > Are there any outstanding issues with the patch series which need > to be fixed for mainline inclusion? I'll have a look shortly and let you know. Thanks! > > --- > > Changes in v2: > > - Drop first patch since it was already applied > > - combine the second and third patch > > - do not replace 0 with '\0' > > - spell ACPI in capitals > > - rework the buffer length hdanling > > > > Armin Wolf (2): > > ACPI: battery: Fix buffer overread if not NUL-terminated > > ACPI: battery: Increase maximum string length > > > > drivers/acpi/battery.c | 35 +++++++++++++++++++++++------------ > > 1 file changed, 23 insertions(+), 12 deletions(-) > > > > --
