On Fri, 20 Mar, at 09:59:47AM, Jean Delvare wrote: > dmi_num is a u16, dmi_len is a u32, so this construct: > > dmi_num = dmi_len / 4; > > would result in an integer overflow for a DMI table larger than > 256 kB. I've never see such a large table so far, but SMBIOS 3.0 > makes it possible so maybe we'll see such tables in the future. > > So instead of faking a structure count when the entry point does > not provide it, adjust the loop condition in dmi_table() to properly > deal with the case where dmi_num is not set. > > Signed-off-by: Jean Delvare <jdelv...@suse.de> > Cc: Matt Fleming <matt.flem...@intel.com> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Cc: Ivan Khoronzhuk <ivan.khoronz...@linaro.org> > --- > drivers/firmware/dmi_scan.c | 22 +++++++--------------- > 1 file changed, 7 insertions(+), 15 deletions(-)
Jean, are you taking this through your tree? -- Matt Fleming, Intel Open Source Technology Center -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/