When writing a value to a field, don't read past the end of the source value

author jmatthew <jmatthew@openbsd.org>

Mon, 4 May 2015 10:42:06 +0000 (10:42 +0000)

committer jmatthew <jmatthew@openbsd.org>

Mon, 4 May 2015 10:42:06 +0000 (10:42 +0000)
author jmatthew <jmatthew@openbsd.org>
Mon, 4 May 2015 10:42:06 +0000 (10:42 +0000)
committer jmatthew <jmatthew@openbsd.org>
Mon, 4 May 2015 10:42:06 +0000 (10:42 +0000)
diff --git a/sys/dev/acpi/dsdt.c b/sys/dev/acpi/dsdt.c

index e3d5426..97e55f3 100644 (file)
--- a/sys/dev/acpi/dsdt.c
+++ b/sys/dev/acpi/dsdt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsdt.c,v 1.216 2015/03/16 20:31:46 deraadt Exp $ */
+/* $OpenBSD: dsdt.c,v 1.217 2015/05/04 10:42:06 jmatthew Exp $ */
  /*
   * Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
   *
@@ -2286,6 +2286,9 @@ aml_rwgas(struct aml_value *rgn, int bpos, int blen, struct aml_value *val,
                 } else {
                         /* Write to a large field.. create or convert buffer */
                         val = aml_convert(val, AML_OBJTYPE_BUFFER, -1);
+
+                       if (blen > (val->length << 3))
+                               blen = val->length << 3;
                 }
                 vbit = val->v_buffer;
         } else {
author	jmatthew <jmatthew@openbsd.org>
	Mon, 4 May 2015 10:42:06 +0000 (10:42 +0000)
committer	jmatthew <jmatthew@openbsd.org>
	Mon, 4 May 2015 10:42:06 +0000 (10:42 +0000)