Am 20. November 2025 05:15:30 MEZ schrieb Marek Vasut <[email protected]>: >If noffset is negative, do not pass it to fit_get_name() and then further to >libfdt, this will crash sandbox with SIGSEGV because libfdt can not handle >negative node offsets without full tree check, which U-Boot inhibits to keep >size lower. > >Instead, always check noffset before use, and if the return value indicates >failure, exit right away. > >Signed-off-by: Marek Vasut <[email protected]>
Acked-by: Heinrich Schuchardt <[email protected]> >--- >Cc: Heinrich Schuchardt <[email protected]> >Cc: Quentin Schulz <[email protected]> >Cc: Simon Glass <[email protected]> >Cc: Tom Rini <[email protected]> >Cc: Wolfgang Wallner <[email protected]> >Cc: [email protected] >--- > boot/image-fit.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > >diff --git a/boot/image-fit.c b/boot/image-fit.c >index cccaa48f683..35595f15ac3 100644 >--- a/boot/image-fit.c >+++ b/boot/image-fit.c >@@ -2137,7 +2137,6 @@ int fit_image_load(struct bootm_headers *images, ulong >addr, > > noffset = fit_conf_get_prop_node(fit, cfg_noffset, prop_name, > image_ph_phase(ph_type)); >- fit_uname = fit_get_name(fit, noffset, NULL); > } > if (noffset < 0) { > printf("Could not find subimage node type '%s'\n", prop_name); >@@ -2145,6 +2144,9 @@ int fit_image_load(struct bootm_headers *images, ulong >addr, > return -ENOENT; > } > >+ if (!fit_uname) >+ fit_uname = fit_get_name(fit, noffset, NULL); >+ > printf(" Trying '%s' %s subimage\n", fit_uname, prop_name); > > ret = fit_image_select(fit, noffset, images->verify);
