From: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
early_init_fdt_scan_reserved_mem() invoks fdt_get_mem_rsv(), and it will
use uninitialized variables @base and @size once the callee suffers error.
Fix by checking fdt_get_mem_rsv() error as other callers do.
Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
---
drivers/of/fdt.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 4b1e9f101ce34d7212cc8de99c7e7761a2636866..c93a99d4a1e08c0d4cccf9e5ae16f7e4950ee801 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -497,6 +497,7 @@ static void __init fdt_reserve_elfcorehdr(void)
void __init early_init_fdt_scan_reserved_mem(void)
{
int n;
+ int res;
u64 base, size;
if (!initial_boot_params)
@@ -507,7 +508,11 @@ void __init early_init_fdt_scan_reserved_mem(void)
/* Process header /memreserve/ fields */
for (n = 0; ; n++) {
- fdt_get_mem_rsv(initial_boot_params, n, &base, &size);
+ res = fdt_get_mem_rsv(initial_boot_params, n, &base, &size);
+ if (res) {
+ pr_err("Invalid memory reservation block index %d\n", n);
+ break;
+ }
if (!size)
break;
memblock_reserve(base, size);
--
2.34.1
