On Tue, Dec 09, 2025 at 01:06:28PM +0200, Adriana Nicolae wrote:
> Hello,
>
> A possible fix for fdtdec.c tests would be to validate the fdt size
> before using it.
> All 3 tests in this file are using the same approach, if the previous tests
> were acceptable the newly added one has some identical parts.
>
> If there is a way to test and fix all these 3 errors, I've put some
> changes which might be enough for Coverity to assume that the size of
> the fdt is safe. Let me know how I can test it or should I send an
> email to post it as a separate change?

Thanks. A frustrating thing to me with Coverity is I've never seen a way
to test if a change fixes a bug (if you *pay* for Coverity then you can
do many more runs, and also run it on CI test branches and not pollute
your main results I believe, is why). So we need to do it as a regular
patch.
> diff --git a/test/dm/fdtdec.c b/test/dm/fdtdec.c
> index ea5a494612c..a3c90d38115 100644
> --- a/test/dm/fdtdec.c
> +++ b/test/dm/fdtdec.c
> @@ -14,14 +14,21 @@
>
> DECLARE_GLOBAL_DATA_PTR;
>
> +#define FDTDEC_MAX_SIZE (2 * 1024 * 1024)
> +
> static int dm_test_fdtdec_set_carveout(struct unit_test_state *uts)
> {
> struct fdt_memory resv;
> void *blob;
> const fdt32_t *prop;
> - int blob_sz, len, offset;
> + int blob_sz, len, offset, fdt_sz;
> +
> + fdt_sz = fdt_totalsize(gd->fdt_blob);
> + if (fdt_sz <= 0 || fdt_sz > FDTDEC_MAX_SIZE) {
> + return -EINVAL;
> + }
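Review bot: the `return -EINVAL;` in the new size check at the top of dm_test_fdtdec_set_carveout() exits the test without saying which condition failed, so a bad blob size would surface as a bare error code rather than a reported assertion. Expressing the bound as a test assertion, for example `ut_assert(fdt_sz > 0 && fdt_sz <= FDTDEC_MAX_SIZE);`, keeps the same validation and records the failing expression. Two smaller points in the same hunk: the braces around the single-statement `if` body are unnecessary, and `FDTDEC_MAX_SIZE` would benefit from a one-line comment saying why 2 MiB is the chosen upper bound, since the check exists to give the analyzer a justified limit on the size read from `gd->fdt_blob`.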
Since these are tests, can we ut_assertsomething here instead? Thanks!
--
Tom

