Prevent infinite loops when traversing corrupted lists.

This change hardens the ACPICA code to detect circular linked object
lists and prevent an infinite loop if such corruption exists.

1 files changed, 12 insertions, 0 deletions

diff --git a/source/components/events/evregion.c b/source/components/events/evregion.c
index c03ae6c81..8f1b24b2d 100644
--- a/source/components/events/evregion.c
+++ b/source/components/events/evregion.c
@@ -405,6 +405,7 @@ AcpiEvDetachRegion(
 {
     ACPI_OPERAND_OBJECT     *HandlerObj;
     ACPI_OPERAND_OBJECT     *ObjDesc;
+    ACPI_OPERAND_OBJECT     *StartDesc;
     ACPI_OPERAND_OBJECT     **LastObjPtr;
     ACPI_ADR_SPACE_SETUP    RegionSetup;
     void                    **RegionContext;
@@ -435,6 +436,7 @@ AcpiEvDetachRegion(
     /* Find this region in the handler's list */
 
     ObjDesc = HandlerObj->AddressSpace.RegionList;
+    StartDesc = ObjDesc;
     LastObjPtr = &HandlerObj->AddressSpace.RegionList;
 
     while (ObjDesc)
@@ -529,6 +531,16 @@ AcpiEvDetachRegion(
 
         LastObjPtr = &ObjDesc->Region.Next;
         ObjDesc = ObjDesc->Region.Next;
+
+        /* Prevent infinite loop if list is corrupted */
+
+        if (ObjDesc == StartDesc)
+        {
+            ACPI_ERROR ((AE_INFO,
+                "Circular handler list in region object %p",
+                RegionObj));
+            return_VOID;
+        }
     }
 
     /* If we get here, the region was not in the handler's region list */