X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fshared%2Facpi-fpdt.c;h=390c3236e097ce8bba1e4ee2a3e4f56d66414bf7;hp=a7c83ed8555987bb3b3dfa4dece2b182763a0969;hb=d60473c7ba32f2325a13f0357b23fd8e25609650;hpb=7e326fb5b2c1a839bbe7f879c7efa2af2ed33420

diff --git a/src/shared/acpi-fpdt.c b/src/shared/acpi-fpdt.c
index a7c83ed85..390c3236e 100644
--- a/src/shared/acpi-fpdt.c
+++ b/src/shared/acpi-fpdt.c
@@ -81,9 +81,9 @@ struct acpi_fpdt_boot {
 };
 
 int acpi_get_boot_usec(usec_t *loader_start, usec_t *loader_exit) {
-        _cleanup_free_ char *buf;
+        _cleanup_free_ char *buf = NULL;
         struct acpi_table_header *tbl;
-        size_t l;
+        size_t l = 0;
         struct acpi_fpdt_header *rec;
         int r;
         uint64_t ptr = 0;
@@ -109,6 +109,8 @@ int acpi_get_boot_usec(usec_t *loader_start, usec_t *loader_exit) {
         for (rec = (struct acpi_fpdt_header *)(buf + sizeof(struct acpi_table_header));
              (char *)rec < buf + l;
              rec = (struct acpi_fpdt_header *)((char *)rec + rec->length)) {
+                if (rec->length <= 0)
+                        break;
                 if (rec->type != ACPI_FPDT_TYPE_BOOT)
                         continue;
                 if (rec->length != sizeof(struct acpi_fpdt_header))
@@ -146,6 +148,11 @@ int acpi_get_boot_usec(usec_t *loader_start, usec_t *loader_exit) {
         if (brec.type != ACPI_FPDT_BOOT_REC)
                 return -EINVAL;
 
+        if (brec.startup_start == 0 || brec.exit_services_exit < brec.startup_start)
+                return -EINVAL;
+        if (brec.exit_services_exit > NSEC_PER_HOUR)
+                return -EINVAL;
+
         if (loader_start)
                 *loader_start = brec.startup_start / 1000;
         if (loader_exit)