From c8e6c93857885a19e959ec622d92a256d1cd98eb Mon Sep 17 00:00:00 2001
From: Haozhong Zhang
Date: Fri, 25 Dec 2015 10:57:42 +0800
Subject: [PATCH] nvdimm: fix header pointer in nvdimm_build_nfit()

In the current nvdimm_build_nfit(), the pointer 'header' initially equals to table_data->data + table_data->len. However, the following g_array_append_vals(table_data, structures->data, structures->len) may resize and relocate table_data->data[]. Therefore, the usage of 'header' afterwards may be illegal. This patch fixes this issue by storing an offset within table_data->data[] (rather than an address) in 'header'.

Signed-off-by: Haozhong Zhang
Reviewed-by: Xiao Guangrong
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
---
 hw/acpi/nvdimm.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
index 9534418824..df1b176b8f 100644
--- a/hw/acpi/nvdimm.c
+++ b/hw/acpi/nvdimm.c
@@ -353,16 +353,18 @@ static void nvdimm_build_nfit(GSList *device_list, GArray *table_offsets,
 GArray *table_data, GArray *linker)
 {
 GArray *structures = nvdimm_build_device_structure(device_list);
- void *header;
+ unsigned int header;
 acpi_add_table(table_offsets, table_data);
 /* NFIT header. */
- header = acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
+ header = table_data->len;
+ acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
 /* NVDIMM device structures. */
 g_array_append_vals(table_data, structures->data, structures->len);
- build_header(linker, table_data, header, "NFIT",
+ build_header(linker, table_data,
+ (void *)(table_data->data + header), "NFIT",
 sizeof(NvdimmNfitHeader) + structures->len, 1, NULL);
 g_array_free(structures, true);
 }
-- 
2.11.4.GIT
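Review bot: `header` now holds a byte offset into `table_data->data` but keeps the name of the pointer it replaced, so a reader of the new `header = table_data->len;` line gets no hint why the value returned by `acpi_data_push()` on the next line is discarded, and nothing in the code itself records that holding a pointer across `g_array_append_vals()` is what went wrong. A rename plus a why-comment would keep the relocation hazard from the commit message visible at the point of use: `unsigned int header_offset; /* offset, not a pointer: g_array_append_vals() below may realloc table_data->data */` and `header_offset = table_data->len;`, with the `build_header()` argument becoming `table_data->data + header_offset`. The `(void *)` cast in the `build_header()` call is redundant if `data` is a `gchar *` as in GLib, since any object pointer converts to `void *` implicitly. The function's signature line sits just above the hunk (it appears only as `@@` context), though the whole body is inside it.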