9825f823eb5c9fc6b01e40f1b84108f5574235f2 libfdt: Fix bounds-checking bug in fdt_get_property()
The libfdt functions are supposed to behave tolerably well when practical,
even if given a corrupted device tree as input. A silly mistake in
fdt_get_property() means we're bounds checking against the size of a pointer
instead of the size of a property header, meaning we can get bogus
behaviour in a corrupted device tree where the structure block ends in
what's supposed to be the middle of a property.
This patch corrects the problem (fdt_get_property() will now return
BADSTRUCTURE in this case), and also adds a testcase to catch the bug.
6 files changed
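The class of mistake the commit message describes, shown as an added example that is not code from dtc or libfdt: a bounds check sized with `sizeof(p)` (the pointer) beside the same check sized with `sizeof(*p)` (the header). The names `prop_hdr`, `offset_ptr`, `check_buggy`, `check_fixed`, `truncated_case` and `ERR_BADSTRUCTURE` are constructed for this sketch, as is the truncated input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a property header: three 32-bit fields, 12 bytes. */
struct prop_hdr {
    uint32_t tag;
    uint32_t len;
    uint32_t nameoff;
};

#define ERR_BADSTRUCTURE (-1) /* hypothetical error code for this sketch */

/* Return a pointer to `need` bytes at `off` in a block of `size` bytes, or NULL. */
static const void *offset_ptr(const uint8_t *blk, size_t size, size_t off, size_t need)
{
    if (off > size || need > size - off)
        return NULL;
    return blk + off;
}

/* Buggy form: sizeof(p) is the size of a pointer (4 or 8), not of the header. */
static int check_buggy(const uint8_t *blk, size_t size, size_t off)
{
    const struct prop_hdr *p = offset_ptr(blk, size, off, sizeof(p));
    return p ? 0 : ERR_BADSTRUCTURE;
}

/* Fixed form: sizeof(*p) covers the whole 12-byte header. */
static int check_fixed(const uint8_t *blk, size_t size, size_t off)
{
    const struct prop_hdr *p = offset_ptr(blk, size, off, sizeof(*p));
    return p ? 0 : ERR_BADSTRUCTURE;
}

/* Constructed corrupted input: the block ends sizeof(void *) bytes into a header. */
static int truncated_case(int use_fixed)
{
    static const uint8_t blk[sizeof(struct prop_hdr)] = {0};
    size_t size = sizeof(void *); /* declared end of block, mid-header */
    return use_fixed ? check_fixed(blk, size, 0) : check_buggy(blk, size, 0);
}

int main(void)
{
    printf("buggy check: %d, fixed check: %d\n", truncated_case(0), truncated_case(1));
    return 0;
}
```

The buggy check accepts the truncated header, so any later read of `len` or `nameoff` would go past the declared end of the block; the fixed check rejects it.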