Header length should be validated for all ACPI tables before accessing any non-header field. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- arch/x86/platform/efi/efi-bgrt.c | 2 ++ 1 file changed, 2 insertions(+) --- 3.7-rc4/arch/x86/platform/efi/efi-bgrt.c +++ 3.7-rc4-x86-EFI-BGRT-checks/arch/x86/platform/efi/efi-bgrt.c @@ -39,6 +39,8 @@ void efi_bgrt_init(void) if (ACPI_FAILURE(status)) return; + if (bgrt_tab->header.length < sizeof(*bgrt_tab)) + return; if (bgrt_tab->version != 1) return; if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address) -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
