fit_digest will hash the list of images in the configuration, so fit_check_signature() can compare it against the signed hash. So far, parse errors while computing the hash were ignored. This is not directly exploitable as the hash would be incomplete and fail the signature verification, but it makes the code more difficult to reason about. This unused assignment to ret was detected by clang-analyzer-19. Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> --- common/image-fit.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/image-fit.c b/common/image-fit.c index 959384abd275..6eda041935be 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -338,6 +338,9 @@ static int fit_verify_signature(struct device_node *sig_node, const void *fit) ret = fit_digest(fit, digest, &inc_nodes, &exc_props, hashed_strings_start, hashed_strings_size); + if (ret) + goto out_sl; + hash = xzalloc(digest_length(digest)); digest_final(digest, hash); -- 2.39.5