fwts: segfaults on --disassemble-aml with some ACPI tables.

Bug #1050475 reported by Colin Ian King
This bug affects 1 person
Affects: fwts (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Colin Ian King

Bug Description

Commit d4fcca77cc3536a475e558492d65e1f063cdbabe in the ACPICA library introduced a regression which causes the segfault.

Looking at the same acpica core built into the iasl tool we can reproduce this fault:

Program received signal SIGSEGV, Segmentation fault.
0x000000000043867e in AcpiDmFieldPredefinedDescription (Op=0x7bbcc0)
    at ../../../source/components/disassembler/dmopcode.c:334
334 if (ACPI_COMPARE_NAME (Tag, Info->Name))
(gdb) print Tag
$1 = 0x0
(gdb) print Info->Name
$2 = 0x49d060 "_ACx"
(gdb)

Patch from Robert Moore at Intel fixes this:

diff --git a/source/common/dmrestag.c b/source/common/dmrestag.c
index 9afaad3..3097f15 100644
--- a/source/common/dmrestag.c
+++ b/source/common/dmrestag.c
@@ -541,6 +541,11 @@ AcpiDmCheckResourceReference (
     /* Get the Index term, must be an integer constant to convert */

     IndexOp = BufferNameOp->Common.Next;
+
+ /* Major cheat: The Node field is also used for the Tag ptr. Clear it now */
+
+ IndexOp->Common.Node = NULL;
+
     OpInfo = AcpiPsGetOpcodeInfo (IndexOp->Common.AmlOpcode);
     if (OpInfo->ObjectType != ACPI_TYPE_INTEGER)
     {
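
Review bot: The comment on the added "IndexOp->Common.Node = NULL;" says Node doubles as the Tag pointer but does not say which code relies on the clear. The consumer is the "Tag = ACPI_CAST_PTR (char, IndexOp->Common.Node);" read in AcpiDmFieldPredefinedDescription in dmopcode.c, and naming it here would keep the two halves of the fix from drifting apart. The clear also runs before the ObjectType test that follows, so Node is wiped whatever that test decides; if that is intended, say so in the comment. A dedicated field for the tag would remove the need for both the cast and the clear.
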
diff --git a/source/components/disassembler/dmopcode.c b/source/components/disassembler/dmopcode.c
index c3771b5..342e861 100644
--- a/source/components/disassembler/dmopcode.c
+++ b/source/components/disassembler/dmopcode.c
@@ -326,6 +326,10 @@ AcpiDmFieldPredefinedDescription (
     /* Major cheat: We previously put the Tag ptr in the Node field */

     Tag = ACPI_CAST_PTR (char, IndexOp->Common.Node);
+ if (!Tag)
+ {
+ return;
+ }

     /* Match the name in the info table */

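Review bot: The added "if (!Tag)" test after the ACPI_CAST_PTR line only rejects a NULL Node, so it holds only while every IndexOp reaching this function has had Node either cleared or set to a real tag string; any other non-NULL value left in Node would still be matched against the info table as a name. Please extend the "Major cheat" comment to state that invariant and point at the clear in AcpiDmCheckResourceReference. The silent return is reasonable for an optional description, but a one-line comment that a missing tag means no description is emitted would help the next reader.
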

Changed in fwts (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Colin King (colin-king)
summary: - fwts: segfaults on --disassemble-aml with some acpitables.
+ fwts: segfaults on --disassemble-aml with some ACPI tables.
Colin Ian King (colin-king) wrote :

Patch merged into fwts and sent to the mailing list.

Changed in fwts (Ubuntu):
status: In Progress → Fix Committed
Colin Ian King (colin-king) wrote :

Committed in fwts, commit: 40fda20d9307013bfd5910f8ece32ee168251b31

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwts - 0.26.00-1

---------------
fwts (0.26.00-1) quantal; urgency=low

  [Colin Ian King]
  * uefi: uefidump: Dump out variables containing kernel messages
  * uefi: uefidump: add support for ConErrDev
  * uefi: uefifump: Add support for dumping SecureBoot and SetupMode vars
  * uefi: uefidump: Add support for dumping MemoryOverwriteRequestControl.
  * uefi: uefidump: Add support for AcpiGlobalVariable
  * uefi: uefidump: Add support for SignatureSupport variable
  * lib: fwts_guid: Add fwts_guid_str_to_buf to convert string back to a GUID
  * uefi: add in support for new uefivar file system interface
  * lib: framework: Add "unsafe" test category
  * lib + tests: bulk rename of fwts flag macros
  * lib: fwts_framework: fix unnecessary escaping
  * acpica: Fix segfault when disassembling AML (LP: #1050475)

  [Keng-Yu Lin]
  * auto-packager: mkpackage.sh: checksum only the specified version
 -- Keng-Yu Lin <email address hidden> Fri, 14 Sep 2012 13:35:31 +0800

Changed in fwts (Ubuntu):
status: Fix Committed → Fix Released