diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2018-07-09 14:50:38 +1000 |
|---|---|---|
| committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-07-19 07:01:12 +0200 |
| commit | 80eaf453c279bc82abe0e32e5eb663be0e3cb265 (patch) | |
| tree | 4b9187e7e690ab6324de0d7a1f0b14fd24de8a31 /compile | |
| parent | libfdt: Copy the struct region in fdt_resize() (diff) | |
| download | rtems-80eaf453c279bc82abe0e32e5eb663be0e3cb265.tar.bz2 | |
libfdt: Add necessary header padding in fdt_create()
At present fdt_create() will succeed if there is exactly enough space to
put in the fdt header. However, it sets the off_mem_rsvmap field, a few
bytes past that in order to align the memory reservation block.
Having block pointers pointing past the end of the fdt is pretty ugly, even
if it is just a transient state. Worse, if fdt_resize() is called at
exactly the wrong time, it can end up accessing data past the blob's
allocated space because of this.
So, correct fdt_create() to ensure that there is sufficient space for the
alignment padding as well as the plain header. For paranoia, also add a
check in fdt_resize() to make sure we don't copy data from outside the
blob's bounds.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'compile')
0 files changed, 0 insertions, 0 deletions