diff options
| author | LoveSy <shana@zju.edu.cn> | 2021-12-15 17:30:11 +0800 |
|---|---|---|
| committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2022-07-19 09:28:22 +0200 |
| commit | 6f79435915cfe57c64964ff85c234b68718980c9 (patch) | |
| tree | 329c78370b21c770ef6e4e270ebacdc012c105bd /cpukit/dtc/VERSION | |
| parent | spsysinit01: Account for use of .noinit section (diff) | |
| download | rtems-6f79435915cfe57c64964ff85c234b68718980c9.tar.bz2 | |
Fix a UB when fdt_get_string return null
When fdt_get_string return null, `namep` is not correctly reset.
From the document of `fdt_getprop_by_offset`, the parameter `namep` will
be always overwritten (that is, it will be overwritten without exception
of error occurance).
As for the caller (like
https://github.com/topjohnwu/Magisk/blob/e097c097feb881f6097b6d1dc346f310bc92f5d6/native/jni/magiskboot/dtb.cpp#L42),
the code may be like:
```cpp
size_t size;
const char *name;
auto *value = fdt_getprop_by_offset(fdt, prop, &name, &size);
```
and if `value == nullptr`, `size` is also be overwritten correctly but
`name` is not, which is quite inconsistent.
This commit makes sure `name` and `size` behavior consistently (reset to
reasonable value) when error occurs.
Signed-off-by: LoveSy <shana@zju.edu.cn>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions