On Tue, Oct 10, 2023 at 10:28:22AM +0100, Pierre-Clément Tosi wrote:
> Reject empty paths and negative lengths, according to the DT spec v0.4:
>
> The convention for specifying a device path is:
> /node-name-1/node-name-2/node-name-N
>
> The path to the root node is /.
>
> This prevents the access to path[0] from ever being out-of-bounds.
>
> Signed-off-by: Pierre-Clément Tosi <ptosi@xxxxxxxxxx>
Merged and pushed out, thanks.
> ---
> v2
> - allow the check to be optimized out when ASSUME_VALID_INPUT
> - add test coverage for empty paths and negative size
> - remove redundant part of the quote in the commit message
> v3
> - simplify condition in check_path_offset()
> ---
> libfdt/fdt_ro.c | 3 +++
> tests/path_offset.c | 8 +++++++-
> 2 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c
> index c4c520c..7567f52 100644
> --- a/libfdt/fdt_ro.c
> +++ b/libfdt/fdt_ro.c
> @@ -255,6 +255,9 @@ int fdt_path_offset_namelen(const void *fdt, const char *path, int namelen)
>
> FDT_RO_PROBE(fdt);
>
> + if (!can_assume(VALID_INPUT) && namelen <= 0)
> + return -FDT_ERR_BADPATH;
> +
> /* see if we have an alias */
> if (*path != '/') {
> const char *q = memchr(path, '/', end - p);
> diff --git a/tests/path_offset.c b/tests/path_offset.c
> index 8e657af..ad8db83 100644
> --- a/tests/path_offset.c
> +++ b/tests/path_offset.c
> @@ -48,10 +48,13 @@ static void check_path_offset(void *fdt, const char *path, int offset)
> verbose_printf("Checking offset of \"%s\" is %d...\n", path, offset);
>
> rc = fdt_path_offset(fdt, path);
> + if (rc == offset)
> + return;
> +
> if (rc < 0)
> FAIL("fdt_path_offset(\"%s\") failed: %s",
> path, fdt_strerror(rc));
> - if (rc != offset)
> + else
> FAIL("fdt_path_offset(\"%s\") returned incorrect offset"
> " %d instead of %d", path, rc, offset);
> }
> @@ -102,6 +105,7 @@ int main(int argc, char *argv[])
> check_path_offset(fdt, "/subnode@2/subsubnode", subsubnode2_offset2);
>
> /* Test paths with extraneous separators */
> + check_path_offset(fdt, "", -FDT_ERR_BADPATH);
> check_path_offset(fdt, "//", 0);
> check_path_offset(fdt, "///", 0);
> check_path_offset(fdt, "//subnode@1", subnode1_offset);
> @@ -110,6 +114,8 @@ int main(int argc, char *argv[])
> check_path_offset(fdt, "/subnode@2////subsubnode", subsubnode2_offset2);
>
> /* Test fdt_path_offset_namelen() */
> + check_path_offset_namelen(fdt, "/subnode@1", -1, -FDT_ERR_BADPATH);
> + check_path_offset_namelen(fdt, "/subnode@1", 0, -FDT_ERR_BADPATH);
> check_path_offset_namelen(fdt, "/subnode@1", 1, 0);
> check_path_offset_namelen(fdt, "/subnode@1/subsubnode", 10, subnode1_offset);
> check_path_offset_namelen(fdt, "/subnode@1/subsubnode", 11, subnode1_offset);
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
Attachment:
signature.asc
Description: PGP signature
