From ea77aba560b925bb16a221e0c9a0116f76a2c85c Mon Sep 17 00:00:00 2001
From: Gabriel Marcano
Date: Fri, 17 Feb 2023 16:08:22 -0800
Subject: iasl: check Offset before Subtable dereference
In AcpiDmDumpMadt(), compute and check the Offset before attempting to dereference Subtable fields to prevent a read overflow.
---
 source/common/dmtbdump2.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/source/common/dmtbdump2.c b/source/common/dmtbdump2.c
index 353979e8f..e204342cb 100644
--- a/source/common/dmtbdump2.c
+++ b/source/common/dmtbdump2.c
@@ -1058,16 +1058,16 @@ NextSubtable:
 Subtable = ACPI_ADD_PTR (ACPI_SUBTABLE_HEADER, Subtable, Subtable->Length);
- DbgPrint (ASL_PARSE_OUTPUT, "//[5) Next Subtable %p, length %X]\n",
- Subtable, Subtable->Length);
- DbgPrint (ASL_PARSE_OUTPUT, "//[5B) Offset from table start: 0x%8.8X%8.8X (%p)]\n",
- ACPI_FORMAT_UINT64 (ACPI_CAST_PTR (char, Subtable) - ACPI_CAST_PTR (char, Table)), Subtable);
-
 Offset = ACPI_CAST_PTR (char, Subtable) - ACPI_CAST_PTR (char, Table);
 if (Offset >= Table->Length)
 {
 return;
 }
+
+ DbgPrint (ASL_PARSE_OUTPUT, "//[5) Next Subtable %p, length %X]\n",
+ Subtable, Subtable->Length);
+ DbgPrint (ASL_PARSE_OUTPUT, "//[5B) Offset from table start: 0x%8.8X%8.8X (%p)]\n",
+ ACPI_FORMAT_UINT64 (ACPI_CAST_PTR (char, Subtable) - ACPI_CAST_PTR (char, Table)), Subtable);
 }
 }
-- cgit v1.2.1
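Review bot: The relocated `DbgPrint` still reads `Subtable->Length` behind a guard that only proves the first byte of the next subtable lies inside the table, so if `Offset` falls within the final bytes of `Table->Length` the header read can still run past the end of the buffer. Comparing against the header size would close that gap, for example `if (Offset + sizeof (ACPI_SUBTABLE_HEADER) > Table->Length)` ahead of the `return;`, assuming `Offset` is an unsigned type wide enough that the addition cannot wrap (its declaration is outside this hunk). The second `DbgPrint` could also print the already-validated value with `ACPI_FORMAT_UINT64 (Offset)` rather than recomputing the pointer difference. A one-line comment above the check such as `/* Stop before touching a subtable header that does not fit in the table */` would record why the ordering matters; AcpiDmDumpMadt() and the enclosing loop begin above the hunk, so how the header is consumed on the next iteration is not visible here.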