Module Name: src Committed By: riastradh Date: Fri Aug 11 08:36:59 UTC 2023
Modified Files: src/sys/dev/acpi/wmi: wmi_acpi.c Log Message: acpiwmi(4): Fix abuse of char buffer for struct guid_t content. Nothing guarantees alignment, so this is all undefined behaviour, even if we don't touch the uninitialized members. XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/sys/dev/acpi/wmi/wmi_acpi.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/acpi/wmi/wmi_acpi.c
diff -u src/sys/dev/acpi/wmi/wmi_acpi.c:1.22 src/sys/dev/acpi/wmi/wmi_acpi.c:1.23
--- src/sys/dev/acpi/wmi/wmi_acpi.c:1.22 Thu Aug 10 20:49:19 2023
+++ src/sys/dev/acpi/wmi/wmi_acpi.c Fri Aug 11 08:36:59 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: wmi_acpi.c,v 1.22 2023/08/10 20:49:19 mrg Exp $ */
+/* $NetBSD: wmi_acpi.c,v 1.23 2023/08/11 08:36:59 riastradh Exp $ */
 /*-
 * Copyright (c) 2009, 2010 Jukka Ruohonen <jruoho...@iki.fi>
@@ -27,7 +27,7 @@
 * SUCH DAMAGE.
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: wmi_acpi.c,v 1.22 2023/08/10 20:49:19 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: wmi_acpi.c,v 1.23 2023/08/11 08:36:59 riastradh Exp $");
 #include <sys/param.h>
 #include <sys/device.h>
@@ -320,8 +320,8 @@ acpi_wmi_guid_get(struct acpi_wmi_softc
 const char *src, struct wmi_t **out)
 {
 struct wmi_t *wmi;
- struct guid_t *guid;
- char bin[MAX(16, sizeof(*guid))];
+ struct guid_t guid;
+ char bin[16];
 char hex[3];
 const char *ptr;
 uint8_t i;
@@ -346,14 +346,14 @@ acpi_wmi_guid_get(struct acpi_wmi_softc
 ptr++;
 }
- guid = (struct guid_t *)bin;
- guid->data1 = be32toh(guid->data1);
- guid->data2 = be16toh(guid->data2);
- guid->data3 = be16toh(guid->data3);
+ guid.data1 = be32dec(&bin[0]);
+ guid.data2 = be16dec(&bin[4]);
+ guid.data3 = be16dec(&bin[6]);
+ memcpy(guid.data4, &bin[8], 8);
 SIMPLEQ_FOREACH(wmi, &sc->wmi_head, wmi_link) {
- if (GUIDCMP(guid, &wmi->guid) != 0) {
+ if (GUIDCMP(&guid, &wmi->guid) != 0) {
 if (out != NULL)
 *out = wmi;
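Review bot: `struct guid_t guid;` in the declarations hunk is left uninitialized, and the later @@ -346 hunk assigns only data1, data2, data3 and data4, so any further members of struct guid_t (the log message mentions uninitialized members) stay indeterminate on the kernel stack. That is harmless only while GUIDCMP reads nothing beyond those four fields, and its definition is not visible here. I would zero the object before decoding, `memset(&guid, 0, sizeof(guid));`, or, once the macro is confirmed, add the comment `/* only data1..data4 are set; GUIDCMP compares just those */`. The body of acpi_wmi_guid_get starts and ends outside this hunk.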
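Review bot: The decode in the @@ -346 hunk relies on bare offsets and a literal length (`&bin[8], 8`) that must match both `char bin[16]` from the earlier hunk and the layout of struct guid_t, with nothing to catch a later change to either. I would write `memcpy(guid.data4, &bin[8], sizeof(guid.data4));` and pin the sizes with `__CTASSERT(sizeof(bin) == 4 + 2 + 2 + sizeof(guid.data4));`. The loop that fills bin lies outside the hunk, so whether all 16 bytes are always written before they are decoded cannot be confirmed from here.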