From 6e9c9686d826564f44c93cdd6f111b1c0a9dc224 Mon Sep 17 00:00:00 2001
From: Rob Herring
Date: Mon, 12 Oct 2020 09:58:15 -0500
Subject: scripts/dtc: Update to upstream version v1.6.0-31-gcbca977ea121
This adds the following commits from upstream:
cbca977ea121 checks: Allow PCI bridge child nodes without an address
73e0f143b73d libfdt: fdt_strerror(): Fix comparison warning
6c2be7d85315 libfdt: fdt_get_string(): Fix sequential write comparison warnings
82525f41d59e libfdt: libfdt_wip: Fix comparison warning
fb1f65f15832 libfdt: fdt_create_with_flags(): Fix comparison warning
f28aa271000b libfdt: fdt_move(): Fix comparison warnings
3d7c6f44195a libfdt: fdt_add_string_(): Fix comparison warning
10f682788c30 libfdt: fdt_node_offset_by_phandle(): Fix comparison warning
07158f4cf2a2 libfdt: overlay: Fix comparison warning
ce9e1f25a7de libfdt: fdt_resize(): Fix comparison warning
faa76fc10bc5 libfdt: fdt_splice_(): Fix comparison warning
54dca0985316 libfdt: fdt_get_string(): Fix comparison warnings
f8e11e61624e libfdt: fdt_grab_space_(): Fix comparison warning
0c43d4d7bf5a libfdt: fdt_mem_rsv(): Fix comparison warnings
442ea3dd1579 libfdt: fdt_offset_ptr(): Fix comparison warnings
ca19c3db2bf6 Makefile: Specify cflags for libyaml
7bb86f1c0956 libfdt: fix fdt_check_node_offset_ w/ VALID_INPUT
3d522abc7571 dtc: Include stdlib.h in util.h
808cdaaf524f dtc: Avoid UB when shifting
3e3138b4a956 libfdt: fix fdt_check_full buffer overrun
Signed-off-by: Rob Herring
---
scripts/dtc/libfdt/fdt.c | 31 +++++++++++++++++++++----------
1 file changed, 21 insertions(+), 10 deletions(-)
(limited to 'scripts/dtc/libfdt/fdt.c')
diff --git a/scripts/dtc/libfdt/fdt.c b/scripts/dtc/libfdt/fdt.c
index c28fcc115771..6cf2fa03b037 100644
--- a/scripts/dtc/libfdt/fdt.c
+++ b/scripts/dtc/libfdt/fdt.c
@@ -134,16 +134,20 @@ int fdt_check_header(const void *fdt)
 const void *fdt_offset_ptr(const void *fdt, int offset, unsigned int len)
 {
- unsigned absoffset = offset + fdt_off_dt_struct(fdt);
+ unsigned int uoffset = offset;
+ unsigned int absoffset = offset + fdt_off_dt_struct(fdt);
+
+ if (offset < 0)
+ return NULL;
 if (!can_assume(VALID_INPUT))
- if ((absoffset < offset)
+ if ((absoffset < uoffset)
 || ((absoffset + len) < absoffset)
 || (absoffset + len) > fdt_totalsize(fdt))
 return NULL;
 if (can_assume(LATEST) || fdt_version(fdt) >= 0x11)
- if (((offset + len) < offset)
+ if (((uoffset + len) < uoffset)
 || ((offset + len) > fdt_size_dt_struct(fdt)))
 return NULL;
@@ -206,10 +210,11 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
 int fdt_check_node_offset_(const void *fdt, int offset)
 {
- if (can_assume(VALID_INPUT))
- return offset;
- if ((offset < 0) || (offset % FDT_TAGSIZE)
- || (fdt_next_tag(fdt, offset, &offset) != FDT_BEGIN_NODE))
+ if (!can_assume(VALID_INPUT)
+ && ((offset < 0) || (offset % FDT_TAGSIZE)))
+ return -FDT_ERR_BADOFFSET;
+
+ if (fdt_next_tag(fdt, offset, &offset) != FDT_BEGIN_NODE)
 return -FDT_ERR_BADOFFSET;
 return offset;
@@ -217,8 +222,11 @@ int fdt_check_node_offset_(const void *fdt, int offset)
 int fdt_check_prop_offset_(const void *fdt, int offset)
 {
- if ((offset < 0) || (offset % FDT_TAGSIZE)
- || (fdt_next_tag(fdt, offset, &offset) != FDT_PROP))
+ if (!can_assume(VALID_INPUT)
+ && ((offset < 0) || (offset % FDT_TAGSIZE)))
+ return -FDT_ERR_BADOFFSET;
+
+ if (fdt_next_tag(fdt, offset, &offset) != FDT_PROP)
 return -FDT_ERR_BADOFFSET;
 return offset;
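Review bot: In the second bounds check of fdt_offset_ptr the overflow test was switched to `uoffset`, but the range test beside it still reads `(offset + len) > fdt_size_dt_struct(fdt)`, so one condition mixes the signed parameter with its unsigned copy. The arithmetic comes out the same, because `offset` is converted to unsigned and negative values are rejected earlier, but `|| ((uoffset + len) > fdt_size_dt_struct(fdt)))` would not depend on the implicit conversion. The new `if (offset < 0)` guard is the only check here that is not gated on an assumption flag, and a short comment such as `/* unconditional: as unsigned, a negative offset becomes a large value */` would record why. The function body continues past the end of the hunk.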
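Review bot: fdt_check_node_offset_ has no comment saying that it returns the value `fdt_next_tag()` writes back through `&offset`, not the offset it was given; removing the early `return offset;` under can_assume(VALID_INPUT) now makes that true in every build. A header comment such as `/* Returns the next offset reported by fdt_next_tag(), or -FDT_ERR_BADOFFSET. */` would make the contract visible to callers, and the same applies to fdt_check_prop_offset_ in the following hunk with FDT_PROP. The guard `(offset < 0) || (offset % FDT_TAGSIZE)` is now repeated verbatim in both functions and could be one small static helper. With VALID_INPUT assumed that guard is skipped, so the result rests entirely on the checks inside fdt_next_tag, which are not visible in this hunk.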
@@ -306,9 +314,12 @@ const char *fdt_find_string_(const char *strtab, int tabsize, const char *s)
 int fdt_move(const void *fdt, void *buf, int bufsize)
 {
+ if (!can_assume(VALID_INPUT) && bufsize < 0)
+ return -FDT_ERR_NOSPACE;
+
 FDT_RO_PROBE(fdt);
- if (fdt_totalsize(fdt) > bufsize)
+ if (fdt_totalsize(fdt) > (unsigned int)bufsize)
 return -FDT_ERR_NOSPACE;
 memmove(buf, fdt, fdt_totalsize(fdt));
--
cgit v1.2.3
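Review bot: The new negative-`bufsize` guard in fdt_move is gated on `!can_assume(VALID_INPUT)`, so in a build that assumes valid input a negative `bufsize` reaches `(unsigned int)bufsize`, compares as a very large value, and the NOSPACE check passes before the `memmove`. `bufsize` is a caller-supplied argument rather than blob content, and the `offset < 0` guard added to fdt_offset_ptr in this same commit is unconditional; making this one match, `if (bufsize < 0) return -FDT_ERR_NOSPACE;`, costs one comparison. If the gating is intentional, a comment stating that callers must pass a non-negative size under that assumption would document it. The rest of fdt_move lies outside the hunk.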