Re: [PATCH] ACPI: tables: Fix NULL dereference by acpi_os_map_memory()

From: Rafael J. Wysocki
Date: Wed Jul 26 2023 - 10:35:53 EST


On Wed, Jul 26, 2023 at 6:53 AM Kiwamu Okabe <okabe@xxxxxxxxxxxxx> wrote:
>
> The Infer static analyzer https://fbinfer.com/ reports the following
> NULL pointer dereference by the acpi_os_map_memory() function.
> I believe this patch does fix the issue without any panic.

Please demonstrate to me that the NULL pointer dereference can
actually happen in this code.

Thanks!

> Signed-off-by: Kiwamu Okabe <okabe@xxxxxxxxxxxxx>
> ---
> drivers/acpi/tables.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
> index 8ab0a82b4da4..ae7b7343bacf 100644
> --- a/drivers/acpi/tables.c
> +++ b/drivers/acpi/tables.c
> @@ -717,6 +717,9 @@ acpi_table_initrd_override(struct acpi_table_header *existing_table,
> while (table_offset + ACPI_HEADER_SIZE <= all_tables_size) {
> table = acpi_os_map_memory(acpi_tables_addr + table_offset,
> ACPI_HEADER_SIZE);
> + if (WARN_ON(!table)) {
> + return AE_OK;
> + }
> if (table_offset + table->length > all_tables_size) {
> acpi_os_unmap_memory(table, ACPI_HEADER_SIZE);
> WARN_ON(1);
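
Review bot: the check added after acpi_os_map_memory() in acpi_table_initrd_override() returns AE_OK when the mapping fails, so the caller cannot tell a failed mapping from a normal result. Either return a failure status there or say in the changelog why reporting success is intended. The braces around the single "return AE_OK;" statement are also not needed under the kernel coding style.
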
> @@ -772,6 +775,9 @@ static void __init acpi_table_initrd_scan(void)
> while (table_offset + ACPI_HEADER_SIZE <= all_tables_size) {
> table = acpi_os_map_memory(acpi_tables_addr + table_offset,
> ACPI_HEADER_SIZE);
> + if (WARN_ON(!table)) {
> + return;
> + }
> if (table_offset + table->length > all_tables_size) {
> acpi_os_unmap_memory(table, ACPI_HEADER_SIZE);
> WARN_ON(1);
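
Review bot: the "return;" under WARN_ON(!table) in acpi_table_initrd_scan() ends the scan at the first failed mapping, so any tables at later offsets are skipped with only a generic backtrace to show for it. If the check stays, a message that includes table_offset would make the failure diagnosable, and the changelog should include the Infer report it refers to and state under what condition acpi_os_map_memory() can return NULL at this call site.
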
> --
> 2.39.2
>