Hi,

If we're calling fdt_find_node() and do not actually find the node we're
looking for, we call strncmp with a NULL value.

What happens is that we use fdt_child_node(node) to retrieve a child
and then use fdt_next_node(child) to go through the list of children.
If we do not find a child that matches the given name(s), it will
reach the end of the list.  You know that you're at the end of the
list if the next token is not FDT_NODE_BEGIN.  A child must start
with that token.

Even though there's no child left, fdt_next_node(child) will not
return a NULL ptr, but instead return a pointer to the next token.
This means the for-loop will continue to run and call strncmp.
fdt_node_name(child) will return a NULL ptr, as the token behind
the ptr is not FDT_NODE_BEGIN.

This diff makes the function return NULL if the token behind the
child pointer is not FDT_NODE_BEGIN.  This tells us we reached
the end of the list and we have not found a child matching the
passed name(s). Thus the find has failed.

Patrick

diff --git sys/arch/socppc/socppc/fdt.c sys/arch/socppc/socppc/fdt.c
index 0dec4fb..741763c 100644
--- sys/arch/socppc/socppc/fdt.c
+++ sys/arch/socppc/socppc/fdt.c
@@ -274,6 +274,13 @@ fdt_find_node(char *name)
 
                for (child = fdt_child_node(node); child;
                     child = fdt_next_node(child)) {
+                       /*
+                        * A child always starts with a FDT_NODE_BEGIN token.
+                        * If it's another token, we have reached the end of
+                        * the list but have not found a match.
+                        */
+                       if (betoh32(*(uint32_t *)child) != FDT_NODE_BEGIN)
+                               return NULL;
                        if (strncmp(p, fdt_node_name(child), q - p) == 0) {
                                node = child;
                                break;
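Review bot: The end-of-list check added before the strncmp() call is local to this one loop, so any other caller that walks siblings with `for (child = fdt_child_node(node); child; child = fdt_next_node(child))` still gets a non-NULL pointer to a non-FDT_NODE_BEGIN token and can hit the same NULL from fdt_node_name(). Consider moving the `betoh32(*(uint32_t *)child) != FDT_NODE_BEGIN` test into fdt_next_node() so it returns NULL when the following token does not start a node; the loop's existing `child;` condition would then terminate correctly and the guard would cover every caller rather than just fdt_find_node(). If the guard stays here, it might be worth also checking fdt_node_name(child) for NULL before passing it to strncmp(), since that is the call that actually dereferences the bad pointer.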
