diff options
author | Rob Herring <robh@kernel.org> | 2022-11-01 12:54:44 -0500 |
---|---|---|
committer | Rob Herring <robh@kernel.org> | 2022-11-10 08:37:19 -0600 |
commit | ea3723a541c198c84e81a0e975dba6c18764393e (patch) | |
tree | c48222aa0a4a41790e0accb92a78e154bc9a832e /scripts/dtc/libfdt/fdt.c | |
parent | 6b0584c19d87a56fe1e83a0e3237c937945e827a (diff) | |
download | lwn-ea3723a541c198c84e81a0e975dba6c18764393e.tar.gz lwn-ea3723a541c198c84e81a0e975dba6c18764393e.zip |
scripts/dtc: Update to upstream version v1.6.1-63-g55778a03df61
It's been a while since the last sync and Lee needs commit 73590342fc85
("libfdt: prevent integer overflow in fdt_next_tag").
This adds the following commits from upstream:
55778a03df61 libfdt: tests: add get_next_tag_invalid_prop_len
73590342fc85 libfdt: prevent integer overflow in fdt_next_tag
035fb90d5375 libfdt: add fdt_get_property_by_offset_w helper
98a07006c48d Makefile: fix infinite recursion by dropping non-existent `%.output`
a036cc7b0c10 Makefile: limit make re-execution to avoid infinite spin
c6e92108bcd9 libdtc: remove duplicate judgments
e37c25677dc9 Don't generate erroneous fixups from reference to path
50454658f2b5 libfdt: Don't mask fdt_get_name() returned error
e64a204196c9 manual.txt: Follow README.md and remove Jon
f508c83fe6f0 Update README in MANIFEST.in and setup.py to README.md
c2ccf8a77dd2 Add description of Signed-off-by lines
90b9d9de42ca Split out information for contributors to CONTRIBUTING.md
0ee1d479b23a Remove Jon Loeliger from maintainers list
b33a73c62c1c Convert README to README.md
7ad60734b1c1 Allow static building with meson
fd9b8c96c780 Allow static building with make
fda71da26e7f libfdt: Handle failed get_name() on BEGIN_NODE
c7c7f17a83d5 Fix test script to run also on dash shell
01f23ffe1679 Add missing relref_merge test to meson test list
ed310803ea89 pylibfdt: add FdtRo.get_path()
c001fc01a43e pylibfdt: fix swig build in install
26c54f840d23 tests: add test cases for label-relative path references
ec7986e682cf dtc: introduce label relative path references
651410e54cb9 util: introduce xstrndup helper
4048aed12b81 setup.py: fix out of tree build
ff5afb96d0c0 Handle integer overflow in check_property_phandle_args()
ca7294434309 README: Explain how to add a new API function
c0c2e115f82e Fix a UB when fdt_get_string return null
cd5f69cbc0d4 tests: setprop_inplace: use xstrdup instead of unchecked strdup
a04f69025003 pylibfdt: add Property.as_*int*_array()
83102717d7c4 pylibfdt: add Property.as_stringlist()
d152126bb029 Fix Python crash on getprop deallocation
17739b7ef510 Support 'r' format for printing raw bytes with fdtget
45f3d1a095dd libfdt: overlay: make overlay_get_target() public
c19a4bafa514 libfdt: fix an incorrect integer promotion
1cc41b1c969f pylibfdt: Add packaging metadata
db72398cd437 README: Update pylibfdt install instructions
383e148b70a4 pylibfdt: fix with Python 3.10
23b56cb7e189 pylibfdt: Move setup.py to the top level
69a760747d8d pylibfdt: Split setup.py author name and email
0b106a77dbdc pylibfdt: Use setuptools_scm for the version
c691776ddb26 pylibfdt: Use setuptools instead of distutils
5216f3f1bbb7 libfdt: Add static lib to meson build
4eda2590f481 CI: Cirrus: bump used FreeBSD from 12.1 to 13.0
Link: https://lore.kernel.org/r/20221101181427.1808703-1-robh@kernel.org/
Signed-off-by: Rob Herring <robh@kernel.org>
Diffstat (limited to 'scripts/dtc/libfdt/fdt.c')
-rw-r--r-- | scripts/dtc/libfdt/fdt.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/scripts/dtc/libfdt/fdt.c b/scripts/dtc/libfdt/fdt.c index 9fe7cf4b747d..20c6415b9ced 100644 --- a/scripts/dtc/libfdt/fdt.c +++ b/scripts/dtc/libfdt/fdt.c @@ -106,7 +106,6 @@ int fdt_check_header(const void *fdt) } hdrsize = fdt_header_size(fdt); if (!can_assume(VALID_DTB)) { - if ((fdt_totalsize(fdt) < hdrsize) || (fdt_totalsize(fdt) > INT_MAX)) return -FDT_ERR_TRUNCATED; @@ -115,9 +114,7 @@ int fdt_check_header(const void *fdt) if (!check_off_(hdrsize, fdt_totalsize(fdt), fdt_off_mem_rsvmap(fdt))) return -FDT_ERR_TRUNCATED; - } - if (!can_assume(VALID_DTB)) { /* Bounds check structure block */ if (!can_assume(LATEST) && fdt_version(fdt) < 17) { if (!check_off_(hdrsize, fdt_totalsize(fdt), @@ -165,7 +162,7 @@ const void *fdt_offset_ptr(const void *fdt, int offset, unsigned int len) uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset) { const fdt32_t *tagp, *lenp; - uint32_t tag; + uint32_t tag, len, sum; int offset = startoffset; const char *p; @@ -191,12 +188,19 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset) lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp)); if (!can_assume(VALID_DTB) && !lenp) return FDT_END; /* premature end */ + + len = fdt32_to_cpu(*lenp); + sum = len + offset; + if (!can_assume(VALID_DTB) && + (INT_MAX <= sum || sum < (uint32_t) offset)) + return FDT_END; /* premature end */ + /* skip-name offset, length and value */ - offset += sizeof(struct fdt_property) - FDT_TAGSIZE - + fdt32_to_cpu(*lenp); + offset += sizeof(struct fdt_property) - FDT_TAGSIZE + len; + if (!can_assume(LATEST) && - fdt_version(fdt) < 0x10 && fdt32_to_cpu(*lenp) >= 8 && - ((offset - fdt32_to_cpu(*lenp)) % 8) != 0) + fdt_version(fdt) < 0x10 && len >= 8 && + ((offset - len) % 8) != 0) offset += 4; break; |