There is a similar array underflow error in the code here:
if (!(WalkState->OpInfo->Flags & AML_NO_OPERAND_RESOLVE)) { /* Resolve all operands */
Status = AcpiExResolveOperands (WalkState->Opcode, &(WalkState->Operands [WalkState->NumOperands -1]), WalkState); }
WalkState->NumOperands - 1 in one specific case is -1 causing an oops.
See: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1942215 - comment #8. A check something like the following is required:
if (walk_state->num_operands - 1 >= ARRAY_SIZE(walk_state->operands)) { ACPI_ERROR((AE_INFO, " many operands 0x%X for op_type 0x%X", walk_state->num_operands - 1, op_type)); status = AE_AML_BAD_OPCODE; goto cleanup; }
..perhaps a walk_state->num_operands < 1 check is required to as the above fix handles the 0 - 1 > 0xffffffff wraparound as too many args.
There is a similar array underflow error in the code here:
if (!(WalkState- >OpInfo- >Flags & AML_NO_ OPERAND_ RESOLVE) )
{
/* Resolve all operands */
Status = AcpiExResolveOp erands (WalkState->Opcode,
&(WalkState- >Operands [WalkState- >NumOperands -1]),
WalkState) ;
}
WalkState- >NumOperands - 1 in one specific case is -1 causing an oops.
See: https:/ /bugs.launchpad .net/ubuntu/ +source/ linux/+ bug/1942215 - comment #8. A check something like the following is required:
if (walk_state- >num_operands - 1 >= ARRAY_SIZE( walk_state- >operands) ) { ERROR(( AE_INFO, " many operands 0x%X for op_type 0x%X", walk_state- >num_operands - 1, op_type));
ACPI_
status = AE_AML_BAD_OPCODE;
goto cleanup;
}
..perhaps a walk_state- >num_operands < 1 check is required to as the above fix handles the 0 - 1 > 0xffffffff wraparound as too many args.