From 5a03ce84b81f4573e44fbdfd0d8b15e27a82b178 Mon Sep 17 00:00:00 2001
From: Frank Mehnert
Date: Thu, 13 Aug 2020 17:26:26 +0200
Subject: libfdt: fix fdt_check_node_offset_ w/ VALID_INPUT
fdt_check_node_offset_() checks for a valid offset but also changes the offset by calling fdt_next_tag(). Hence, do not skip this function if ASSUME_VALID_INPUT is set but only omit the initial offset check in that case. As this function works very similar to fdt_check_prop_offset_(), do the offset check there as well depending on ASSUME_VALID_INPUT.
Message-Id: <1913141.TlUzK5foHS@noys4>
Signed-off-by: David Gibson
---
 cpukit/dtc/libfdt/fdt.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
(limited to 'cpukit/dtc/libfdt')
diff --git a/cpukit/dtc/libfdt/fdt.c b/cpukit/dtc/libfdt/fdt.c
index c28fcc1157..37b7b93556 100644
--- a/cpukit/dtc/libfdt/fdt.c
+++ b/cpukit/dtc/libfdt/fdt.c
@@ -206,10 +206,11 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
 int fdt_check_node_offset_(const void *fdt, int offset)
 {
- if (can_assume(VALID_INPUT))
- return offset;
- if ((offset < 0) || (offset % FDT_TAGSIZE)
- || (fdt_next_tag(fdt, offset, &offset) != FDT_BEGIN_NODE))
+ if (!can_assume(VALID_INPUT)
+ && ((offset < 0) || (offset % FDT_TAGSIZE)))
+ return -FDT_ERR_BADOFFSET;
+
+ if (fdt_next_tag(fdt, offset, &offset) != FDT_BEGIN_NODE)
 return -FDT_ERR_BADOFFSET;
 return offset;
@@ -217,8 +218,11 @@ int fdt_check_node_offset_(const void *fdt, int offset)
 int fdt_check_prop_offset_(const void *fdt, int offset)
 {
- if ((offset < 0) || (offset % FDT_TAGSIZE)
- || (fdt_next_tag(fdt, offset, &offset) != FDT_PROP))
+ if (!can_assume(VALID_INPUT)
+ && ((offset < 0) || (offset % FDT_TAGSIZE)))
+ return -FDT_ERR_BADOFFSET;
+
+ if (fdt_next_tag(fdt, offset, &offset) != FDT_PROP)
 return -FDT_ERR_BADOFFSET;
 return offset;
-- 
cgit v1.2.3
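Review bot: With `can_assume(VALID_INPUT)` set, both `fdt_check_node_offset_()` and `fdt_check_prop_offset_()` (second hunk) now pass a possibly negative or misaligned `offset` straight to `fdt_next_tag()`, and nothing in the new code states who is responsible for that value. Whether `fdt_next_tag()` still bounds-checks in that configuration is not visible in this patch, so I would put the contract above each function, e.g. `/* With ASSUME_VALID_INPUT the caller guarantees offset is non-negative and FDT_TAGSIZE-aligned; do not enable it for blobs from untrusted sources. */`. A short comment that `fdt_next_tag()` overwrites `offset` through `&offset`, so the value returned is the offset after the tag rather than the one passed in, would also record why the call can no longer be skipped. Both function bodies close outside their hunks.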