On Fri, 20 Mar, at 09:59:47AM, Jean Delvare wrote:
> dmi_num is a u16, dmi_len is a u32, so this construct:
> 
>       dmi_num = dmi_len / 4;
> 
> would result in an integer overflow for a DMI table larger than
> 256 kB. I've never see such a large table so far, but SMBIOS 3.0
> makes it possible so maybe we'll see such tables in the future.
> 
> So instead of faking a structure count when the entry point does
> not provide it, adjust the loop condition in dmi_table() to properly
> deal with the case where dmi_num is not set.
> 
> Signed-off-by: Jean Delvare <jdelv...@suse.de>
> Cc: Matt Fleming <matt.flem...@intel.com>
> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
> Cc: Ivan Khoronzhuk <ivan.khoronz...@linaro.org>
> ---
>  drivers/firmware/dmi_scan.c |   22 +++++++---------------
>  1 file changed, 7 insertions(+), 15 deletions(-)

Jean, are you taking this through your tree?

-- 
Matt Fleming, Intel Open Source Technology Center
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to