We'll take a look. Thanks, Bob > -----Original Message----- > From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx] > Sent: Thursday, October 17, 2013 5:29 AM > To: Moore, Robert > Cc: linux-acpi@xxxxxxxxxxxxxxx; devel@xxxxxxxxxx > Subject: re: ACPICA: Resource Mgr: Prevent infinite loops in resource > walks > > Hello Bob Moore, > > The patch c13085e519e8: "ACPICA: Resource Mgr: Prevent infinite loops in > resource walks" from Mar 8, 2013 is not beautiful. My static checker > complains about the loop because: > "drivers/acpi/acpica/rscalc.c:197 acpi_rs_get_aml_length() > warn: 'resource' can't be NULL." > > drivers/acpi/acpica/rscalc.c > 195 /* Traverse entire list of internal resource descriptors > */ > 196 > 197 while (resource) { > ^^^^^^^^ > > My static checker is wrong because we use the -fno-strict-overflow to > prevent GCC from optimizing this check away. But we are looping over a > list of pointers until our pointer wraps to NULL. In other words we loop > over all the 2**64 - 1 addresses until we wrap to NULL or we find > something with an invalid type or something with ->length zero. > > I assume the last element in the list always has length zero? If so then > we could replace "while (resource)" with "while (resource->length)" > > 198 > 199 /* Validate the descriptor type */ > 200 > 201 if (resource->type > ACPI_RESOURCE_TYPE_MAX) { > 202 > return_ACPI_STATUS(AE_AML_INVALID_RESOURCE_TYPE); > 203 } > 204 > 205 /* Sanity check the length. It must not be zero, > or we loop forever */ > 206 > 207 if (!resource->length) { > 208 > return_ACPI_STATUS(AE_AML_BAD_RESOURCE_LENGTH); > 209 } > 210 > 211 /* Get the base size of the (external stream) > resource descriptor */ > 212 > > regards, > dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-acpi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
