Hi Marek, On Thu, 13 Nov 2025 at 05:22, Marek Vasut <[email protected]> wrote: > > The fdt_offset_ptr() may return NULL pointer, check the return > value from fdt_offset_ptr() for NULL unconditionally to prevent > sandbox crashes. > > Signed-off-by: Marek Vasut <[email protected]> > --- > Cc: Adriano Cordova <[email protected]> > Cc: Andrew Goodbody <[email protected]> > Cc: Christian Marangi <[email protected]> > Cc: Heinrich Schuchardt <[email protected]> > Cc: Ilias Apalodimas <[email protected]> > Cc: Patrice Chotard <[email protected]> > Cc: Sam Edwards <[email protected]> > Cc: Simon Glass <[email protected]> > Cc: Tom Rini <[email protected]> > Cc: [email protected] > --- > scripts/dtc/libfdt/fdt.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/scripts/dtc/libfdt/fdt.c b/scripts/dtc/libfdt/fdt.c > index 95f644c31f9..d16cc3d4730 100644 > --- a/scripts/dtc/libfdt/fdt.c > +++ b/scripts/dtc/libfdt/fdt.c > @@ -168,7 +168,7 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, > int *nextoffset) > > *nextoffset = -FDT_ERR_TRUNCATED; > tagp = fdt_offset_ptr(fdt, offset, FDT_TAGSIZE); > - if (!can_assume(VALID_DTB) && !tagp) > + if (!tagp) > return FDT_END; /* premature end */ > tag = fdt32_to_cpu(*tagp); > offset += FDT_TAGSIZE; > @@ -186,7 +186,7 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, > int *nextoffset) > > case FDT_PROP: > lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp)); > - if (!can_assume(VALID_DTB) && !lenp) > + if (!lenp) > return FDT_END; /* premature end */ > > len = fdt32_to_cpu(*lenp); > -- > 2.51.0 >
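Review bot: The first hunk makes the tagp check in fdt_next_tag() unconditional, but the commit message only mentions "sandbox crashes" and does not name the input or caller for which fdt_offset_ptr() returns NULL. Please add the failing case (the DTB or test that triggers it) to the commit message. It should also note that builds where can_assume(VALID_DTB) is true previously skipped this check and will now carry it.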
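Review bot: In the second hunk (case FDT_PROP), `if (!lenp)` departs from the can_assume(VALID_DTB) pattern without a comment explaining why, so a later cleanup could put the guard back. Suggest a one-line comment above the check stating, as the commit message does, that fdt_offset_ptr() may return NULL here. Please also confirm that returning FDT_END with *nextoffset still set to -FDT_ERR_TRUNCATED is the result callers should see on this path.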
The can_assume() is there to be respected and helps to reduce code size. What problem are you actually seeing?

Regards,
Simon

