acpidump: do not use pointer arithmetic to check for overflow

Pointer arithmetic overflow is UB.  Convert to unsigned uintptr_t and do
the check there.

PR:	204945
Reported by:	David Binderman <dcb314@hotmail.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
This commit is contained in:
Konstantin Belousov
2025-02-26 07:24:30 +02:00
parent 2c44f1ff69
commit 8c108dccd7
+5 -4
View File
@@ -1222,13 +1222,14 @@ acpi_handle_tcpa(ACPI_TABLE_HEADER *sdp)
vend = vaddr + len;
while (vaddr != NULL) {
if ((vaddr + sizeof(struct TCPAevent) >= vend)||
(vaddr + sizeof(struct TCPAevent) < vaddr))
if ((uintptr_t)vaddr + sizeof(struct TCPAevent) >=
(uintptr_t)vend || (uintptr_t)vaddr + sizeof(
struct TCPAevent) < (uintptr_t)vaddr)
break;
event = (struct TCPAevent *)(void *)vaddr;
if (vaddr + event->event_size >= vend)
if ((uintptr_t)vaddr + event->event_size >= (uintptr_t)vend)
break;
if (vaddr + event->event_size < vaddr)
if ((uintptr_t)vaddr + event->event_size < (uintptr_t)vaddr)
break;
if (event->event_type == 0 && event->event_size == 0)
break;