From owner-acpi-jp@jp.freebsd.org  Wed Aug 29 23:22:38 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id XAA70735;
	Wed, 29 Aug 2001 23:22:38 +0900 (JST)
	(envelope-from owner-acpi-jp@jp.FreeBSD.org)
Received: from tasogare.imasy.or.jp (root@tasogare.imasy.or.jp [202.227.24.5])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id XAA70730
	for <acpi-jp@jp.freebsd.org>; Wed, 29 Aug 2001 23:22:38 +0900 (JST)
	(envelope-from iwasaki@jp.FreeBSD.org)
Received: from localhost (iwasaki.imasy.or.jp [202.227.24.92])
	by tasogare.imasy.or.jp (8.11.6+3.4W/8.11.6/tasogare) with ESMTP/inet id f7TEMVm88792;
	Wed, 29 Aug 2001 23:22:31 +0900 (JST)
	(envelope-from iwasaki@jp.FreeBSD.org)
To: andrew.grover@intel.com
Cc: acpi-jp@jp.freebsd.org
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20010829232228M.iwasaki@jp.FreeBSD.org>
Date: Wed, 29 Aug 2001 23:22:28 +0900
From: Mitsuru IWASAKI <iwasaki@jp.freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Lines: 52
Reply-To: acpi-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: acpi-jp 1227
Subject: [acpi-jp 1227] Fix? acpica-unix-20010816
Errors-To: owner-acpi-jp@jp.freebsd.org
Sender: owner-acpi-jp@jp.freebsd.org
X-Originator: iwasaki@jp.freebsd.org

Hi, Andrew.

I've tried acpica-unix-20010816 imported and got a panic on calling
AcpiEvaluateObject(h, "_BST", NULL, buffer) because of free() for an
invalid address.  Its pointer seems to be in the DSDT (Package object
which is returned by the _BST method).

The backtrace is like this:
AcpiOsFree()
AcpiExCopyStringToString()
AcpiExStoreObject()
AcpiExStoreObjectToObject()
AcpiExStoreObjectToIndex()
AcpiExStore()
AcpiExMonadic2R()
AcpiDsExecEndOp()
AcpiPsParseLoop()
AcpiPsParseAml()
AcpiPsxExecute()
AcpiExExecuteMethod()
AcpiNsExecuteControlMethod()
AcpiNsEvaluateByHandle()
AcpiNsEvaluateRelative()
AcpiEvaluateObject()

Tracking this down, I've found changes in AcpiExCopyStringToString() and
made a quick fix for this here, but I think the proper fix would be made in
the constructor of the String object (with AOPOBJ_STATIC_POINTER flag?).

Anyway, I attached a small patch for this.

Thanks

Index: exstorob.c
===================================================================
RCS file: /home/ncvs/src/sys/contrib/dev/acpica/exstorob.c,v
retrieving revision 1.1.1.9
diff -u -r1.1.1.9 exstorob.c
--- exstorob.c	26 Aug 2001 22:28:17 -0000	1.1.1.9
+++ exstorob.c	29 Aug 2001 02:29:57 -0000
@@ -254,7 +254,10 @@
             /*
              * Only free if not a pointer into the DSDT
              */
-            ACPI_MEM_FREE (TargetDesc->String.Pointer);
+            if (!AcpiTbSystemTablePointer (TargetDesc->String.Pointer))
+            {
+                ACPI_MEM_FREE (TargetDesc->String.Pointer);
+            }
         }
 
         TargetDesc->String.Pointer = ACPI_MEM_ALLOCATE (Length + 1);
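
Review bot: the guard added around ACPI_MEM_FREE (TargetDesc->String.Pointer) decides ownership by looking the address up at free time, and it protects only this one free in exstorob.c. Any other path that releases String.Pointer on an object whose string still points into a table would hit the same invalid free. Consider recording at object creation that the pointer is static (the flag idea raised in the message) and testing that flag here, so that every release path can share one ownership check. The context line that follows, TargetDesc->String.Pointer = ACPI_MEM_ALLOCATE (Length + 1), replaces the pointer with heap memory, so any such flag would need to be cleared at that point. The existing comment says "DSDT" while the test is named for system tables in general; it is worth aligning the comment with what the check covers.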
