From: hshoexer <hshoexer@yerbouti.franken.de>
Subject: NULL pointer deref in acpi_common_attach()
To: tech@openbsd.org
Date: Mon, 15 Sep 2025 18:05:46 +0200

Hi,

when there's no DSDT we currently dereference a NULL-pointer.  If
it's valid -- though unlikely I guess -- to not have a DSDT, we
could do something like in the diff below.  I am assumeing there
that parsing SSDTs without DSDT is pointless.

If it is not acceptable to have no DSDT we should panic I guess?

Thoughts?

Take care,
HJ.

Index: dev/acpi/acpi.c
===================================================================
RCS file: /cvs/src/sys/dev/acpi/acpi.c,v
diff -u -p -u -p -r1.452 acpi.c
--- dev/acpi/acpi.c	8 Sep 2025 10:36:15 -0000	1.452
+++ dev/acpi/acpi.c	15 Sep 2025 15:54:10 -0000
@@ -1130,18 +1130,19 @@ acpi_attach_common(struct acpi_softc *sc
 
 	if (entry == NULL)
 		printf(" !DSDT");
+	else {
+		p_dsdt = entry->q_table;
+		acpi_parse_aml(sc, NULL, p_dsdt->aml,
+		    p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
 
-	p_dsdt = entry->q_table;
-	acpi_parse_aml(sc, NULL, p_dsdt->aml,
-	    p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
-
-	/* Load SSDT's */
-	SIMPLEQ_FOREACH(entry, &sc->sc_tables, q_next) {
-		if (memcmp(entry->q_table, SSDT_SIG,
-		    sizeof(SSDT_SIG) - 1) == 0) {
-			p_dsdt = entry->q_table;
-			acpi_parse_aml(sc, NULL, p_dsdt->aml,
-			    p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
+		/* Load SSDT's */
+		SIMPLEQ_FOREACH(entry, &sc->sc_tables, q_next) {
+			if (memcmp(entry->q_table, SSDT_SIG,
+			    sizeof(SSDT_SIG) - 1) == 0) {
+				p_dsdt = entry->q_table;
+				acpi_parse_aml(sc, NULL, p_dsdt->aml,
+				    p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
+			}
 		}
 	}