The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=8c108dccd7f878ad44aaef1f5bfb5622666bd09a
commit 8c108dccd7f878ad44aaef1f5bfb5622666bd09a Author: Konstantin Belousov <k...@freebsd.org> AuthorDate: 2025-02-26 05:24:30 +0000 Commit: Konstantin Belousov <k...@freebsd.org> CommitDate: 2025-02-26 05:27:32 +0000 acpidump: do not use pointer arithmetic to check for overflow Pointer arithmetic overflow is UB. Convert to unsigned uintptr_t and do the check there. PR: 204945 Reported by: David Binderman <dcb...@hotmail.com> Sponsored by: The FreeBSD Foundation MFC after: 1 week
---
 usr.sbin/acpi/acpidump/acpi.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/usr.sbin/acpi/acpidump/acpi.c b/usr.sbin/acpi/acpidump/acpi.c
index c9e2d5745d50..a8a3c953d72d 100644
--- a/usr.sbin/acpi/acpidump/acpi.c
+++ b/usr.sbin/acpi/acpidump/acpi.c
@@ -1222,13 +1222,14 @@ acpi_handle_tcpa(ACPI_TABLE_HEADER *sdp)
 vend = vaddr + len;
 while (vaddr != NULL) {
- if ((vaddr + sizeof(struct TCPAevent) >= vend)||
- (vaddr + sizeof(struct TCPAevent) < vaddr))
+ if ((uintptr_t)vaddr + sizeof(struct TCPAevent) >=
+ (uintptr_t)vend || (uintptr_t)vaddr + sizeof(
+ struct TCPAevent) < (uintptr_t)vaddr)
 break;
 event = (struct TCPAevent *)(void *)vaddr;
- if (vaddr + event->event_size >= vend)
+ if ((uintptr_t)vaddr + event->event_size >= (uintptr_t)vend)
 break;
- if (vaddr + event->event_size < vaddr)
+ if ((uintptr_t)vaddr + event->event_size < (uintptr_t)vaddr)
 break;
 if (event->event_type == 0 && event->event_size == 0)
 break;
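Review bot: The limit that every new comparison relies on is still produced by pointer arithmetic, in the context line `vend = vaddr + len;` just above the loop, so an oversized `len` (assigned outside the hunk, presumably from the firmware-provided table) keeps the same undefined behaviour and leaves `(uintptr_t)vend` an untrustworthy bound. Computing the limit as an integer and rejecting wrap once before the loop, `uintptr_t end = (uintptr_t)vaddr + len;` followed by `if (end < (uintptr_t)vaddr)` and an early exit, would let the loop compare against `end` instead. Separately, the two `event->event_size` tests measure only the payload length from `vaddr`; if a record is the fixed header followed by `event_size` bytes, which the hunk does not show, the sum should also include `sizeof(struct TCPAevent)`. The body of acpi_handle_tcpa starts and ends outside the hunk.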