On Mon, Sep 21, 2020 at 05:52:54PM +0100, Andre Przywara wrote: > With -Wsign-compare, compilers warn about a mismatching signedness > in comparisons in fdt_move(). > > This stems from "bufsize" being passed in as a signed integer, even > though we would expect a buffer size to be positive. > > Short of changing the prototype, check that bufsize is not negative, and > cast it to an unsigned type in the comparison. > > Signed-off-by: Andre Przywara <andre.przywara@xxxxxxx> Logic looks good, but the libfdt-in-tiny-bootloaders people would probably appreciate a !can_assume(VALID_INPUT) test to elide the check on bufsize. > --- > libfdt/fdt.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/libfdt/fdt.c b/libfdt/fdt.c > index 04e1e06..43aaada 100644 > --- a/libfdt/fdt.c > +++ b/libfdt/fdt.c > @@ -314,9 +314,12 @@ const char *fdt_find_string_(const char *strtab, int tabsize, const char *s) > > int fdt_move(const void *fdt, void *buf, int bufsize) > { > + if (bufsize < 0) > + return -FDT_ERR_NOSPACE; > + > FDT_RO_PROBE(fdt); > > - if (fdt_totalsize(fdt) > bufsize) > + if (fdt_totalsize(fdt) > (unsigned int)bufsize) > return -FDT_ERR_NOSPACE; > > memmove(buf, fdt, fdt_totalsize(fdt)); -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
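Review bot: the new `bufsize < 0` test at the top of fdt_move() sits ahead of FDT_RO_PROBE(fdt), so a negative size is reported as -FDT_ERR_NOSPACE before the blob itself is checked. Consider moving it below the probe, directly in front of the fdt_totalsize() comparison, so both size checks read as one unit and the error ordering for a bad blob stays as it was. The `(unsigned int)bufsize` cast is only correct because the negative case has already been rejected. If the test is wrapped in `!can_assume(VALID_INPUT)` as suggested in the reply, add a short comment at the cast stating that it relies on bufsize being non-negative, so the dependency is not lost in a later cleanup.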