On Wed, 11 Jun 2025 08:39:10 +0200, Ahmad Fatoum wrote:
> While dt_struct_advance was taking care to check its arguments don't
> overflow their type, the addition of len (that is read from the FDT)
> to a constant was already overflowing before the function was called.
>
> Move all additions with untrusted input into the function to fix this.
>
> This resolves crashes detected by libfuzzer when the digest functions
> were ultimately called with a length of -1 == 0xffffffff.
>
> [...]
Applied, thanks!
[1/1] of: fdt: fix overflowing in dt_struct_advance arguments
https://git.pengutronix.de/cgit/barebox/commit/?id=26136fd068d7 (link may
not be stable)
Best regards,
--
Sascha Hauer <s.ha...@pengutronix.de>
