From cf9fd8d1b1efa803a7f24f11567806980e250cea Mon Sep 17 00:00:00 2001
From: jmatthew
Date: Mon, 4 May 2015 10:42:06 +0000
Subject: [PATCH] When writing a value to a field, don't read past the end of the source value if the field is bigger. Fixes crashes seen on HP bc2500 blades with MP kernels.

ok kettenis@
---
 sys/dev/acpi/dsdt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/dev/acpi/dsdt.c b/sys/dev/acpi/dsdt.c
index e3d5426be46..97e55f38542 100644
--- a/sys/dev/acpi/dsdt.c
+++ b/sys/dev/acpi/dsdt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsdt.c,v 1.216 2015/03/16 20:31:46 deraadt Exp $ */
+/* $OpenBSD: dsdt.c,v 1.217 2015/05/04 10:42:06 jmatthew Exp $ */
 /*
 * Copyright (c) 2005 Jordan Hargrave
 *
@@ -2286,6 +2286,9 @@ aml_rwgas(struct aml_value *rgn, int bpos, int blen, struct aml_value *val,
 } else {
 /* Write to a large field.. create or convert buffer */
 val = aml_convert(val, AML_OBJTYPE_BUFFER, -1);
+
+ if (blen > (val->length << 3))
+ blen = val->length << 3;
 }
 vbit = val->v_buffer;
 } else {
-- 
2.20.1
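Review bot: The clamp added after `aml_convert()` in the large-field write branch of aml_rwgas stops the over-read by silently shortening `blen`, so the field bits beyond the source buffer are apparently never written. If a short value stored into a wider field is meant to be zero-filled, that has to be handled in the part of the function outside this hunk, or the truncation stated as intended. The bound is also undocumented: a comment above the `if` such as `/* blen is in bits, val->length in bytes: never read past the end of val->v_buffer */` would record the invariant this fix relies on. The declaration of `val->length` is not visible here; if it is a signed int, `val->length << 3` can overflow for a very large buffer, so it is worth confirming that an upper bound on the converted buffer's length is enforced before this point.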