author: LoveSy <shana@zju.edu.cn> 2021-12-15 17:30:11 +0800
committer: Sebastian Huber <sebastian.huber@embedded-brains.de> 2022-07-19 09:28:22 +0200
commit: 6f79435915cfe57c64964ff85c234b68718980c9 (patch)
tree: 329c78370b21c770ef6e4e270ebacdc012c105bd /cpukit/dtc
parent: spsysinit01: Account for use of .noinit section
Fix a UB when fdt_get_string returns null

When fdt_get_string returns null, `namep` is not correctly reset. From the
document of `fdt_getprop_by_offset`, the parameter `namep` will be always
overwritten (that is, it will be overwritten without exception of error
occurrence). As for the caller (like
https://github.com/topjohnwu/Magisk/blob/e097c097feb881f6097b6d1dc346f310bc92f5d6/native/jni/magiskboot/dtb.cpp#L42),
the code may be like:

```cpp
size_t size;
const char *name;
auto *value = fdt_getprop_by_offset(fdt, prop, &name, &size);
```

and if `value == nullptr`, `size` is also overwritten correctly but
`name` is not, which is quite inconsistent.

This commit makes sure `name` and `size` behave consistently (reset to
reasonable value) when an error occurs.

Signed-off-by: LoveSy <shana@zju.edu.cn>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'cpukit/dtc')
-rw-r--r-- cpukit/dtc/libfdt/fdt_ro.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/cpukit/dtc/libfdt/fdt_ro.c b/cpukit/dtc/libfdt/fdt_ro.c
index 17584da257..9f6c551a22 100644
--- a/cpukit/dtc/libfdt/fdt_ro.c
+++ b/cpukit/dtc/libfdt/fdt_ro.c
@@ -481,12 +481,12 @@ const void *fdt_getprop_by_offset(const void *fdt, int offset,
if (!can_assume(VALID_INPUT)) {
name = fdt_get_string(fdt, fdt32_ld_(&prop->nameoff),
&namelen);
+ *namep = name;
if (!name) {
if (lenp)
*lenp = namelen;
return NULL;
}
- *namep = name;
} else {
*namep = fdt_string(fdt, fdt32_ld_(&prop->nameoff));
}
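Review bot: the relocated `*namep = name;` now also runs on the failure path, and it writes through `namep` unconditionally while the neighbouring `*lenp = namelen;` is guarded by `if (lenp)`. The hunk does not show an enclosing `if (namep)` check, so please confirm that a caller passing a NULL `namep` cannot reach this store (the same applies to the `else` branch). Separately, this covers only the `fdt_get_string` failure: if the contract is that `*namep` is always overwritten, any error return earlier in `fdt_getprop_by_offset`, outside this hunk, should set it to NULL as well, and the function's header comment is the place to state that `*namep` is NULL on error. A regression test that feeds a property with an out-of-range `nameoff` and asserts both a NULL return and a NULL `*namep` would keep this from regressing.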