acpi-fpdt: make sure length/type fields are available in acpi_fpdt_header

some extra safety: make sure the two fields we care about are actually
properly present before the buffer is over.

diff --git a/src/shared/acpi-fpdt.c b/src/shared/acpi-fpdt.c
index 0a91b38ab0f524413dc797468e85a20e5c9332b4..668f6c3eee9b80bfd8f83c93b3cf559d4136ddb4 100644 (file)
--- a/src/shared/acpi-fpdt.c
+++ b/src/shared/acpi-fpdt.c
@@ -89,7 +89,7 @@ int acpi_get_boot_usec(usec_t *ret_loader_start, usec_t *ret_loader_exit) {
 
         /* find Firmware Basic Boot Performance Pointer Record */
         for (rec = (struct acpi_fpdt_header *)(buf + sizeof(struct acpi_table_header));
-             (char *)rec < buf + l;
+             (char *)rec + offsetof(struct acpi_fpdt_header, revision) <= buf + l;
              rec = (struct acpi_fpdt_header *)((char *)rec + rec->length)) {
                 if (rec->length <= 0)
                         break;