Re: [PATCHv2 06/13] libfdt: Safer access to memory reservations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 11 April 2018 at 22:52, David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> wrote:
> fdt_num_mem_rsv() and fdt_get_mem_rsv() currently don't sanity check their
> parameters, or the memory reserve section offset in the header.  That means
> that on a corrupted blob they could access outside of the range of memory
> that they should.
>
> This improves their safety checking, meaning they shouldn't access outside
> the blob's bounds, even if its contents are badly corrupted.
>
> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> ---
>  libfdt/fdt_ro.c          | 33 ++++++++++++++++++++-----
>  tests/.gitignore         |  1 +
>  tests/Makefile.tests     |  2 +-
>  tests/run_tests.sh       |  1 +
>  tests/testdata.h         |  1 +
>  tests/trees.S            | 20 +++++++++++++++
>  tests/truncated_memrsv.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++
>  7 files changed, 114 insertions(+), 7 deletions(-)
>  create mode 100644 tests/truncated_memrsv.c
>

Reviewed-by: Simon Glass <sjg@xxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe devicetree-compiler" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Device Tree]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux