From owner-acpi-jp@jp.freebsd.org  Thu Aug 30 00:22:23 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id AAA74215;
	Thu, 30 Aug 2001 00:22:23 +0900 (JST)
	(envelope-from owner-acpi-jp@jp.FreeBSD.org)
Received: from thalia.fm.intel.com (fmfdns02.fm.intel.com [132.233.247.11])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id AAA74210
	for <acpi-jp@jp.freebsd.org>; Thu, 30 Aug 2001 00:22:22 +0900 (JST)
	(envelope-from robert.moore@intel.com)
Received: from fmsmsxvs040.fm.intel.com (fmsmsxv040-1.fm.intel.com [132.233.48.108])
	by thalia.fm.intel.com (8.9.1a+p1/8.9.1/d: relay.m4,v 1.41 2001/07/09 21:06:22 root Exp $) with SMTP id PAA07969
	for <acpi-jp@jp.freebsd.org>; Wed, 29 Aug 2001 15:22:20 GMT
Received: from fmsmsx17.intel.com ([132.233.48.17])
 by fmsmsxvs040.fm.intel.com (NAVGW 2.5.1.6) with SMTP id M2001082908220014422
 for <acpi-jp@jp.freebsd.org>; Wed, 29 Aug 2001 08:22:00 -0700
Received: by fmsmsx17.fm.intel.com with Internet Mail Service (5.5.2653.19)
	id <RR416VM8>; Wed, 29 Aug 2001 08:23:20 -0700
Message-ID: <7B1A3FD0E515D211AC3E00A0C96B7AC907C8D2C6@orsmsx34.jf.intel.com>
From: "Moore, Robert" <robert.moore@intel.com>
To: "'acpi-jp@jp.freebsd.org'" <acpi-jp@jp.freebsd.org>,
        "Grover, Andrew" <andrew.grover@intel.com>
Date: Wed, 29 Aug 2001 08:17:03 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Reply-To: acpi-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: acpi-jp 1228
Subject: [acpi-jp 1228] RE: Fix? acpica-unix-20010816
Errors-To: owner-acpi-jp@jp.freebsd.org
Sender: owner-acpi-jp@jp.freebsd.org
X-Originator: robert.moore@intel.com


Can you give us a little better idea of what the AML/ASL looks like?  We
want to keep a flag around that says "this pointer is a pointer into the
AML, don't try to delete it", instead of checking if the pointer is an AML
pointer all over the place.

Bob


		-----Original Message-----
		From:	Mitsuru IWASAKI [mailto:iwasaki@jp.freebsd.org]
		Sent:	Wednesday, August 29, 2001 7:22 AM
		To:	andrew.grover@intel.com
		Cc:	acpi-jp@jp.freebsd.org
		Subject:	[acpi-jp 1227] Fix? acpica-unix-20010816

		Hi, Andrew.

		I've tried acpica-unix-20010816 imported and got panic on
calling
		AcpiEvaluateObject(h, "_BST", NULL, buffer) because of
free() for
		invalid address.  It's pointer seems to be in DSDT (Package
object
		which is returned by _BST method).

		Backtrace is like this;
		AcpiOsFree()
		AcpiExCopyStringToString()
		AcpiExStoreObject()
		AcpiExStoreObjectToObject()
		AcpiExStoreObjectToIndex()
		AcpiExStore()
		AcpiExMonadic2R()
		AcpiDsExecEndOp()
		AcpiPsParseLoop()
		AcpiPsParseAml()
		AcpiPsxExecute()
		AcpiExExecuteMethod()
		AcpiNsExecuteControlMethod()
		AcpiNsEvaluateByHandle()
		AcpiNsEvaluateRelative()
		AcpiEvaluateObject()

		Tracking down this, I've found changes on
AcpiExCopyStringToString() and
		made quick fix on this here, but I think proper fix would be
made in the
		constructor of String object (with AOPOBJ_STATIC_POINTER
flag?).

		Anyway, I attached small patch for this.

		Thanks

		Index: exstorob.c
	
===================================================================
		RCS file: /home/ncvs/src/sys/contrib/dev/acpica/exstorob.c,v
		retrieving revision 1.1.1.9
		diff -u -r1.1.1.9 exstorob.c
		--- exstorob.c	26 Aug 2001 22:28:17 -0000	1.1.1.9
		+++ exstorob.c	29 Aug 2001 02:29:57 -0000
		@@ -254,7 +254,10 @@
		             /*
		              * Only free if not a pointer into the DSDT
		              */
		-            ACPI_MEM_FREE (TargetDesc->String.Pointer);
		+            if (!AcpiTbSystemTablePointer
(TargetDesc->String.Pointer))
		+            {
		+                ACPI_MEM_FREE (TargetDesc->String.Pointer);
		+            }
		         }
		 
		         TargetDesc->String.Pointer = ACPI_MEM_ALLOCATE
(Length + 1);
