fwts: corrupt ACPI table input causes segmentation fault in acpica core

Bug #826774 reported by Colin Ian King
This bug affects 1 person

Affects: fwts (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Colin Ian King
Milestone: (none)

Bug Description

Running fwts method test with input from a dumped ACPI table which is corrupt causes the ACPI table installation in the ACPICA core to segfault.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7502109 in AcpiTbInstallTable () from /usr/lib/libfwtsacpica.so.1
(gdb) where
#0 0x00007ffff7502109 in AcpiTbInstallTable () from /usr/lib/libfwtsacpica.so.1
#1 0x00007ffff7500fd7 in AcpiTbParseFadt () from /usr/lib/libfwtsacpica.so.1
#2 0x00007ffff7502520 in AcpiTbParseRootTable () from /usr/lib/libfwtsacpica.so.1
#3 0x00007ffff75026a0 in AcpiInitializeTables () from /usr/lib/libfwtsacpica.so.1
#4 0x00007ffff74c8214 in fwts_acpica_init () from /usr/lib/libfwtsacpica.so.1
#5 0x0000000000411969 in ?? ()
#6 0x00007ffff7740ada in fwts_framework_args () from /usr/lib/libfwts.so.1
#7 0x00000000004038e9 in ?? ()
#8 0x00007ffff713deff in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#9 0x0000000000403819 in ?? ()
#10 0x00007fffffffe2b8 in ?? ()
#11 0x000000000000001c in ?? ()
#12 0x0000000000000004 in ?? ()
#13 0x00007fffffffe59b in ?? ()
#14 0x00007fffffffe5a9 in ?? ()
#15 0x00007fffffffe5d8 in ?? ()
#16 0x00007fffffffe5df in ?? ()
#17 0x0000000000000000 in ?? ()

The ACPI table dump begins as follows:

Error: command ['/usr/share/apport/dump_acpi_tables.py'] failed with exit code 1: DSDT @ 0x00000000
  0000: 44 53 44 54 64 4c 00 00 01 8d 4c 4e 56 5f 50 00 DSDTdL....LNV_P.
  0010: 4c 4e 56 5f 50 35 30 31 01 05 00 00 49 4e 54 4c LNV_P501....INTL
  0020: 17 11 05 20 5b 80 41 43 4d 53 01 0a 72 0a 02 5b ... [.ACMS..r..[
  0030: 81 10 41 43 4d 53 01 49 43 4d 53 08 44 43 4d 53 ..ACMS.ICMS.DCMS
  0040: 08 5b 86 1f 49 43 4d 53 44 43 4d 53 01 00 08 00 .[..ICMSDCMS....
  0050: 18 00 20 42 53 5f 41 20 52 45 56 30 08 52 45 56 .. BS_A REV0.REV
  0060: 31 08 5b 80 41 43 41 46 00 42 53 5f 41 0a 20 5b 1.[.ACAF.BS_A. [
  0070: 81 44 09 41 43 41 46 00 4f 43 43 30 01 4f 43 43 .D.ACAF.OCC0.OCC

This causes the parser to not find the DSDT, which in turn means that fwts_acpica_FADT->Dsdt and fwts_acpica_FADT->XDsdt are not initialised, and this causes the ACPICA core to segfault when loading these tables from the internal cached copies. The fix is to nullify these pointers if the DSDT fails to load, which in turn causes the table loading to detect the error and abort gracefully rather than segfault.
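
The failure and fix described above, sketched as an added example (not the fwts or ACPICA source): a header parser that does not recognise the corrupted first line of the dump, a loader that zeroes both FADT address fields when no DSDT is found, and an install step that rejects a zero address. The struct, the function names and the header-line format check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins; not the fwts or ACPICA definitions. */
struct fadt { uint32_t dsdt; uint64_t x_dsdt; };
enum { TBL_OK = 0, TBL_MISSING = -1 };

/* Assumed format: a header line starts with a 4-character signature ("DSDT @ 0x..."). */
static int parse_header(const char *line, char sig[5])
{
    unsigned long addr;
    return sscanf(line, "%4[A-Z0-9_] @ 0x%lx", sig, &addr) == 2 && strlen(sig) == 4;
}

/* Find the DSDT among the header lines; if absent, leave no stale addresses behind. */
static int load_dsdt(const char *const *lines, size_t n, struct fadt *f,
                     const void *dsdt_copy)
{
    char sig[5];
    for (size_t i = 0; i < n; i++) {
        if (parse_header(lines[i], sig) && strcmp(sig, "DSDT") == 0) {
            f->x_dsdt = (uint64_t)(uintptr_t)dsdt_copy;
            f->dsdt = (uint32_t)f->x_dsdt;
            return TBL_OK;
        }
    }
    memset(f, 0, sizeof *f); /* nullify both the Dsdt and XDsdt fields */
    return TBL_MISSING;
}

/* Install step: refuse a null address instead of dereferencing it. */
static int install_dsdt(const struct fadt *f)
{
    uint64_t addr = f->x_dsdt ? f->x_dsdt : f->dsdt;
    if (addr == 0)
        return TBL_MISSING;
    return memcmp((const void *)(uintptr_t)addr, "DSDT", 4) == 0 ? TBL_OK : TBL_MISSING;
}

int main(void)
{
    /* First line of the corrupt dump quoted in this report. */
    const char *bad[] = { "Error: command ['/usr/share/apport/dump_acpi_tables.py'] "
                          "failed with exit code 1: DSDT @ 0x00000000" };
    struct fadt f;
    memset(&f, 0xAA, sizeof f); /* mimic uninitialised fields */
    int rc = load_dsdt(bad, 1, &f, NULL);
    printf("load=%d install=%d\n", rc, install_dsdt(&f));
}
```

Without the `memset` in `load_dsdt`, the install step would receive whatever bytes the FADT fields happened to hold and dereference them.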

Changed in fwts (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Colin King (colin-king)
Colin Ian King (colin-king) wrote :

Fixed with commit a27fa41a5d82f033bd9c5892ff6b8452035209e3

Changed in fwts (Ubuntu):
status: In Progress → Fix Committed
Dave Walker (davewalker)
Changed in fwts (Ubuntu):
status: Fix Committed → Fix Released