On Wed, Nov 28, 2012 at 9:27 AM, Zdenek Kabelac <zkabe...@redhat.com> wrote: > > I've attached bigger disasfun script output to BZ 51071. > https://bugzilla.kernel.org/show_bug.cgi?id=51071#c1 > > > if (ACPI_GET_DESCRIPTOR_TYPE(prefix_node) != > 00000000000000a1 <acpi_ns_lookup+0xa1> cmpb $0xf,0x8(%rbx) > 00000000000000a5 <acpi_ns_lookup+0xa5> je 0da <acpi_ns_lookup+0xda> > > seems to be going out of bounds.
The whole "prefix_node" pointer is bogus. It seems to have the value 0x1000.
I wonder how that happened. It's loaded from 'scope_info->scope.node',
and it *should* be a valid pointer.
Can you add a print-out of
scope_info->common.descriptor_type
and check that it is ACPI_DESC_TYPE_STATE_WSCOPE (== 8). If it is not,
return early.
Or just something like the attatched, which just uses the root node
(and warns once) if it's not a valid WSCOPE thing.
Linus
patch.diff
Description: Binary data
