From 31edf44064fa3c0a83514f5633b0c2763102faaf Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 9 Nov 2022 15:16:09 +0100
Subject: [PATCH] acpi-fpdt: make sure length/type fields are available in
 acpi_fpdt_header

some extra safety: make sure the two fields we care about are actually
properly present before the buffer is over.
---
 src/shared/acpi-fpdt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/acpi-fpdt.c b/src/shared/acpi-fpdt.c
index 0a91b38ab0f..668f6c3eee9 100644
--- a/src/shared/acpi-fpdt.c
+++ b/src/shared/acpi-fpdt.c
@@ -89,7 +89,7 @@ int acpi_get_boot_usec(usec_t *ret_loader_start, usec_t *ret_loader_exit) {
 
         /* find Firmware Basic Boot Performance Pointer Record */
         for (rec = (struct acpi_fpdt_header *)(buf + sizeof(struct acpi_table_header));
-             (char *)rec < buf + l;
+             (char *)rec + offsetof(struct acpi_fpdt_header, revision) <= buf + l;
              rec = (struct acpi_fpdt_header *)((char *)rec + rec->length)) {
                 if (rec->length <= 0)
                         break;
-- 
2.47.3