git: 89f5bc467c79 - main - dtc: Sync with upstream version e9a77451cdd8

[Jessica Clarke]

The branch main has been updated by jrtc27:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=89f5bc467c793a6023bfac8db519a8d74f21a8d0

commit 89f5bc467c793a6023bfac8db519a8d74f21a8d0
Author:     Jessica Clarke <jrt...@freebsd.org>
AuthorDate: 2022-02-28 22:37:47 +0000
Commit:     Jessica Clarke <jrt...@freebsd.org>
CommitDate: 2022-02-28 22:37:47 +0000

    dtc: Sync with upstream version e9a77451cdd8
    
    1c231509cf88 ("Validate integers fit in cells") is the only change
    missing from our copy.
    
    Reviewed by:    manu, imp
    Differential Revision:  https://reviews.freebsd.org/D34368
---
 usr.bin/dtc/fdt.cc          | 18 ++++++++++++++++++
 usr.bin/dtc/input_buffer.cc |  5 ++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/usr.bin/dtc/fdt.cc b/usr.bin/dtc/fdt.cc
index 3c7b2a8bd9ab..bdfd495a02d2 100644
--- a/usr.bin/dtc/fdt.cc
+++ b/usr.bin/dtc/fdt.cc
@@ -335,10 +335,28 @@ property::parse_cells(text_input_buffer &input, int 
cell_size)
                        unsigned long long val;
                        if (!input.consume_integer_expression(val))
                        {
+                               // FIXME: Distinguish invalid syntax from a
+                               // number that cannot be represented in an
+                               // unsigned long long.
                                input.parse_error("Expected numbers in array of 
cells");
                                valid = false;
                                return;
                        }
+                       // FIXME: No sign information available, so cannot
+                       // distinguish small negative values from large
+                       // positive ones, and thus we have to conservatively
+                       // permit anything that looks like a sign-extended
+                       // negative integer.
+                       if (cell_size < 64 && val >= (1ull << cell_size) &&
+                           (val | ((1ull << (cell_size - 1)) - 1)) !=
+                           std::numeric_limits<unsigned long long>::max())
+                       {
+                               std::string msg = "Value does not fit in a " +
+                                       std::to_string(cell_size) + "-bit cell";
+                               input.parse_error(msg.c_str());
+                               valid = false;
+                               return;
+                       }
                        switch (cell_size)
                        {
                                case 8:
diff --git a/usr.bin/dtc/input_buffer.cc b/usr.bin/dtc/input_buffer.cc
index 1f4775c8b78c..01ab483353c0 100644
--- a/usr.bin/dtc/input_buffer.cc
+++ b/usr.bin/dtc/input_buffer.cc
@@ -349,8 +349,11 @@ input_buffer::consume_integer(unsigned long long &outInt)
                return false;
        }
        char *end= const_cast<char*>(&buffer[size]);
+       errno = 0;
        outInt = strtoull(&buffer[cursor], &end, 0);
-       if (end == &buffer[cursor])
+       if (end == &buffer[cursor] ||
+           (outInt == std::numeric_limits<unsigned long long>::max() &&
+            errno == ERANGE))
        {
                return false;
        }