Hi Rob,
On 05/16/18 21:19, frowand.list@xxxxxxxxx wrote:
> From: Frank Rowand <frank.rowand@xxxxxxxx>
>
> The smatch static checker marks the data in offset as untrusted,
> leading it to warn:
>
> drivers/of/resolver.c:125 update_usages_of_a_phandle_reference()
> error: buffer underflow 'prop->value' 's32min-s32max'
>
> Add check to verify that offset is within the property data.
>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Signed-off-by: Frank Rowand <frank.rowand@xxxxxxxx>
> ---
> drivers/of/resolver.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/of/resolver.c b/drivers/of/resolver.c
> index 65d0b7adfcd4..7edfac6f1914 100644
> --- a/drivers/of/resolver.c
> +++ b/drivers/of/resolver.c
> @@ -122,6 +122,11 @@ static int update_usages_of_a_phandle_reference(struct device_node *overlay,
> goto err_fail;
> }
>
> + if (offset < 0 || offset + sizeof(__be32) > prop->length) {
> + err = -EINVAL;
> + goto err_fail;
> + }
> +
> *(__be32 *)(prop->value + offset) = cpu_to_be32(phandle);
> }
>
>
I should have mentioned that this results in a new compile warning
for W=2 and W=3. The new if statement results in:
drivers/of/resolver.c:125:45: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
There are other pre-existing warnings in the same file for comparing
an integer to prop->length. The correct solution is probably to
change the type of the length field in struct property to be
unsigned. I have added that task to my todo list.
-Frank
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
