On Thu, 14 Nov 2024 17:51:14 +0200, Abdelrahman Youssef wrote:
> While fuzzing, the name marked by FDT_BEGIN_NODE sometimes extends beyond
> the struct block area, causing a heap-overflow.
>
> Since `maxlen` is an unsigned integer representing the length of name,
> it can be negative, so it overflows to large numbers, causing strnlen()
> to overflow.
>
> [...]

Applied, thanks!

[1/1] of: fdt: fix possible overflow during parsing of fdt
      https://git.pengutronix.de/cgit/barebox/commit/?id=7a3cb7e6fd63 (link may not be stable)

Best regards,
-- 
Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
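
The unsigned wrap described in the quoted report, shown as an added example that is not part of this message and is not barebox code. The helper names `remaining_unchecked` and `node_name_len` are hypothetical, and the two sample struct blocks are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The arithmetic from the report: with unsigned operands, a name offset
 * past the end of the struct block wraps to a huge "remaining length". */
size_t remaining_unchecked(size_t struct_size, size_t name_off)
{
	return struct_size - name_off;
}

/* Bounds-checked lookup (hypothetical helper): returns the name length,
 * or -1 if the name starts outside the block or has no NUL inside it. */
long node_name_len(const uint8_t *blk, size_t struct_size, size_t name_off)
{
	const uint8_t *nul;

	if (name_off >= struct_size)
		return -1;	/* the subtraction below would have wrapped */

	/* memchr() with an explicit bound, the role strnlen(name, maxlen)
	 * plays in the report; used here because it is plain ISO C. */
	nul = memchr(blk + name_off, '\0', struct_size - name_off);
	if (!nul)
		return -1;	/* name runs off the end of the block */

	return (long)(nul - (blk + name_off));
}

/* Constructed sample blocks: FDT_BEGIN_NODE token (0x00000001) + name. */
static const uint8_t good_blk[] = { 0, 0, 0, 1, 'c', 'p', 'u', 0 };
static const uint8_t bad_blk[]  = { 0, 0, 0, 1, 'a', 'b', 'c', 'd' };

int main(void)
{
	printf("terminated name:   %ld\n",
	       node_name_len(good_blk, sizeof(good_blk), 4));
	printf("unterminated name: %ld\n",
	       node_name_len(bad_blk, sizeof(bad_blk), 4));
	printf("offset past end:   %ld\n",
	       node_name_len(good_blk, sizeof(good_blk), 12));
	printf("unchecked maxlen:  %zu\n", remaining_unchecked(8, 12));
	return 0;
}
```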