From: Haozhong Zhang <haozhong.zh...@intel.com>
In the current nvdimm_build_nfit(), the pointer 'header' initially equals
to table_data->data + table_data->len. However, the following
g_array_append_vals(table_data, structures->data, structures->len)
may resize and relocate table_data->data[]. Therefore, the usage of 'header'
afterwards may be illegal.
This patch fixes this issue by storing an offset within table_data->data[]
(rather than an address) in 'header'.
Signed-off-by: Haozhong Zhang <haozhong.zh...@intel.com>
Reviewed-by: Xiao Guangrong <guangrong.x...@linux.intel.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
---
hw/acpi/nvdimm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
index 9534418..df1b176 100644
--- a/hw/acpi/nvdimm.c
+++ b/hw/acpi/nvdimm.c
@@ -353,16 +353,18 @@ static void nvdimm_build_nfit(GSList *device_list, GArray
*table_offsets,
GArray *table_data, GArray *linker)
{
GArray *structures = nvdimm_build_device_structure(device_list);
- void *header;
+ unsigned int header;
acpi_add_table(table_offsets, table_data);
/* NFIT header. */
- header = acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
+ header = table_data->len;
+ acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
/* NVDIMM device structures. */
g_array_append_vals(table_data, structures->data, structures->len);
- build_header(linker, table_data, header, "NFIT",
+ build_header(linker, table_data,
+ (void *)(table_data->data + header), "NFIT",
sizeof(NvdimmNfitHeader) + structures->len, 1, NULL);
g_array_free(structures, true);
}
--
MST
