diff options
Diffstat (limited to 'cpukit/dtc')
| -rw-r--r-- | cpukit/dtc/VERSION | 25 | ||||
| -rw-r--r-- | cpukit/dtc/libfdt/fdt.c | 20 | ||||
| -rw-r--r-- | cpukit/dtc/libfdt/fdt_addresses.c | 2 | ||||
| -rw-r--r-- | cpukit/dtc/libfdt/fdt_ro.c | 2 |
4 files changed, 34 insertions, 15 deletions
diff --git a/cpukit/dtc/VERSION b/cpukit/dtc/VERSION index 77198ab947..5c9df8e118 100644 --- a/cpukit/dtc/VERSION +++ b/cpukit/dtc/VERSION @@ -2,17 +2,32 @@ Import from: git://git.kernel.org/pub/scm/utils/dtc/dtc.git -Commit: +commit 2cd89f862cdb04d91c5d59c5b39647f7d5d5b3b8 +Author: David Gibson <david@gibson.dropbear.id.au> +Date: Mon Nov 21 14:18:44 2022 +1100 -17739b7ef510917471409d71fb45d8eaf6a1e1fb + dtc: Warning rather than error on possible truncation of cell values -Date: + We always evaluate integer values in cell arrays as 64-bit quantities, then + truncate to the size of the array cells (32-bit by default). However to + detect accidental truncation of meaningful values, we give an error if the + truncated portion isn't either all 0 or all 1 bits. However, this can + still give counterintuitive errors. For if the user is thinking in 2's + complement 32-bit arithmetic (which would be quite natural), then they'd + expect the expression (-0xffffffff-2) to evaluate to -1 (0xffffffff). + However in 64-bit it evaluates to 0xfffffffeffffffff which does truncate + to the expected value but trips this error message. -Thu Dec 9 07:14:20 2021 +0100 + Because of this reduce the error to only a warnings, with a somewhat more + helpful message. + + Fixes: https://github.com/dgibson/dtc/issues/74 + + Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Commands to generate update patches: -git format-patch 17739b7ef510917471409d71fb45d8eaf6a1e1fb -- libfdt/fdt_addresses.c libfdt/fdt.c libfdt/fdt_empty_tree.c libfdt/fdt.h libfdt/fdt_ro.c libfdt/fdt_rw.c libfdt/fdt_strerror.c libfdt/fdt_sw.c libfdt/fdt_wip.c libfdt/libfdt_env.h libfdt/libfdt.h libfdt/libfdt_internal.h libfdt/TODO +git format-patch 2cd89f862cdb04d91c5d59c5b39647f7d5d5b3b8 -- libfdt/fdt_addresses.c libfdt/fdt.c libfdt/fdt_empty_tree.c libfdt/fdt.h libfdt/fdt_ro.c libfdt/fdt_rw.c libfdt/fdt_strerror.c libfdt/fdt_sw.c libfdt/fdt_wip.c libfdt/libfdt_env.h libfdt/libfdt.h libfdt/libfdt_internal.h libfdt/TODO sed -i 's%/libfdt/fdt.h%/cpukit/include/fdt.h%g' 00* sed -i 's%/libfdt/libfdt.h%/cpukit/include/libfdt.h%g' 00* sed -i 's%/libfdt/libfdt_env.h%/cpukit/include/libfdt_env.h%g' 00* diff --git a/cpukit/dtc/libfdt/fdt.c b/cpukit/dtc/libfdt/fdt.c index 9fe7cf4b74..20c6415b9c 100644 --- a/cpukit/dtc/libfdt/fdt.c +++ b/cpukit/dtc/libfdt/fdt.c @@ -106,7 +106,6 @@ int fdt_check_header(const void *fdt) } hdrsize = fdt_header_size(fdt); if (!can_assume(VALID_DTB)) { - if ((fdt_totalsize(fdt) < hdrsize) || (fdt_totalsize(fdt) > INT_MAX)) return -FDT_ERR_TRUNCATED; @@ -115,9 +114,7 @@ int fdt_check_header(const void *fdt) if (!check_off_(hdrsize, fdt_totalsize(fdt), fdt_off_mem_rsvmap(fdt))) return -FDT_ERR_TRUNCATED; - } - if (!can_assume(VALID_DTB)) { /* Bounds check structure block */ if (!can_assume(LATEST) && fdt_version(fdt) < 17) { if (!check_off_(hdrsize, fdt_totalsize(fdt), @@ -165,7 +162,7 @@ const void *fdt_offset_ptr(const void *fdt, int offset, unsigned int len) uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset) { const fdt32_t *tagp, *lenp; - uint32_t tag; + uint32_t tag, len, sum; int offset = startoffset; const char *p; @@ -191,12 +188,19 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset) lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp)); if (!can_assume(VALID_DTB) && !lenp) return FDT_END; /* premature end */ + + len = fdt32_to_cpu(*lenp); + sum = len + offset; + if (!can_assume(VALID_DTB) && + (INT_MAX <= sum || sum < (uint32_t) offset)) + return FDT_END; /* premature end */ + /* skip-name offset, length and value */ - offset += sizeof(struct fdt_property) - FDT_TAGSIZE - + fdt32_to_cpu(*lenp); + offset += sizeof(struct fdt_property) - FDT_TAGSIZE + len; + if (!can_assume(LATEST) && - fdt_version(fdt) < 0x10 && fdt32_to_cpu(*lenp) >= 8 && - ((offset - fdt32_to_cpu(*lenp)) % 8) != 0) + fdt_version(fdt) < 0x10 && len >= 8 && + ((offset - len) % 8) != 0) offset += 4; break; diff --git a/cpukit/dtc/libfdt/fdt_addresses.c b/cpukit/dtc/libfdt/fdt_addresses.c index c40ba094f1..65d2e8c3ee 100644 --- a/cpukit/dtc/libfdt/fdt_addresses.c +++ b/cpukit/dtc/libfdt/fdt_addresses.c @@ -2,7 +2,7 @@ /* * libfdt - Flat Device Tree manipulation * Copyright (C) 2014 David Gibson <david@gibson.dropbear.id.au> - * Copyright (C) 2018 embedded brains GmbH + * Copyright (C) 2018 embedded brains GmbH & Co. KG */ #include "libfdt_env.h" diff --git a/cpukit/dtc/libfdt/fdt_ro.c b/cpukit/dtc/libfdt/fdt_ro.c index 17584da257..9f6c551a22 100644 --- a/cpukit/dtc/libfdt/fdt_ro.c +++ b/cpukit/dtc/libfdt/fdt_ro.c @@ -481,12 +481,12 @@ const void *fdt_getprop_by_offset(const void *fdt, int offset, if (!can_assume(VALID_INPUT)) { name = fdt_get_string(fdt, fdt32_ld_(&prop->nameoff), &namelen); + *namep = name; if (!name) { if (lenp) *lenp = namelen; return NULL; } - *namep = name; } else { *namep = fdt_string(fdt, fdt32_ld_(&prop->nameoff)); } |