On Thu, Jul 09, 2020 at 02:14:51PM +1000, patrick.oppenlander@xxxxxxxxx wrote: > From: Patrick Oppenlander <patrick.oppenlander@xxxxxxxxx> > > fdt_check_header assumes that its argument points to a complete header > and can read data beyond the FDT_V1_SIZE bytes which fdt_check_full > can provide. > > fdt_header_size can safely return a header size with FDT_V1_SIZE bytes > available and will return a usable value even for a corrupted header. > > Signed-off-by: Patrick Oppenlander <patrick.oppenlander@xxxxxxxxx> Applied, thanks. > --- > libfdt/fdt_check.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libfdt/fdt_check.c b/libfdt/fdt_check.c > index 7f6a96c..9ddfdbf 100644 > --- a/libfdt/fdt_check.c > +++ b/libfdt/fdt_check.c > @@ -22,6 +22,8 @@ int fdt_check_full(const void *fdt, size_t bufsize) > > if (bufsize < FDT_V1_SIZE) > return -FDT_ERR_TRUNCATED; > + if (bufsize < fdt_header_size(fdt)) > + return -FDT_ERR_TRUNCATED; > err = fdt_check_header(fdt); > if (err != 0) > return err; -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
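Review bot: The added "if (bufsize < fdt_header_size(fdt))" test in fdt_check_full() is only safe because the "bufsize < FDT_V1_SIZE" test directly above it has already passed, and nothing in the code records that ordering requirement. The commit message states that fdt_header_size() needs FDT_V1_SIZE bytes available and that fdt_check_header() can read beyond them, so a short comment above the two added lines saying so would keep a later cleanup from reordering or merging the checks. The diffstat also shows only libfdt/fdt_check.c changing; a test that passes a buffer at least FDT_V1_SIZE bytes long but shorter than the header size and expects -FDT_ERR_TRUNCATED would pin the behaviour down.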