(We probably don't want this patch, and certainly can't apply it as is,
but I send it in order to find out the intent of fdt_string()).

At present fdt_string() says that it returns:

   - a pointer to the string, on success
   - NULL, if stroffset is out of bounds

However it does not in fact return NULL. Changing it to do so also
breaks 15 tests (segfault).

What is the intended behaviour of this function, please?

Signed-off-by: Simon Glass <[email protected]>
---
 libfdt/fdt_ro.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c
index 50007f6..cba8772 100644
--- a/libfdt/fdt_ro.c
+++ b/libfdt/fdt_ro.c
@@ -77,6 +77,8 @@ static int _fdt_nodename_eq(const void *fdt, int offset,
 
 const char *fdt_string(const void *fdt, int stroffset)
 {
+       if (stroffset < 0 || stroffset >= fdt_size_dt_strings(fdt))
+               return NULL;
        return (const char *)fdt + fdt_off_dt_strings(fdt) + stroffset;
 }
 
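Review bot: The added check at the top of fdt_string() only establishes that the first byte of the string lies inside the strings block; nothing verifies that a NUL terminator occurs before fdt_size_dt_strings(fdt) is reached, so a caller that runs a string function over the returned pointer can still read past the end of the block on a malformed tree. If NULL is to be the real contract, every caller that passes the result straight to a string comparison or length routine needs a NULL check in the same change, which is probably what the 15 segfaulting tests in the description are showing. If callers are not going to be updated, the documented "NULL, if stroffset is out of bounds" should be corrected instead, so that nobody relies on a check that does not exist.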
-- 
1.7.7.3

_______________________________________________
devicetree-discuss mailing list
[email protected]
https://lists.ozlabs.org/listinfo/devicetree-discuss
