Hi Anton, On Tue, 26 May 2026 at 14:41, Anton Ivanov <[email protected]> wrote: > > From: Binarly Vulnerability Research <[email protected]>
Is this a person? If so, can you use his/her name? As it stands it seems like an orgnisation rather than a person. > > fdt_get_name() can return NULL and set len to a negative error code. > fdt_find_regions() does not check for this, leading to a potential NULL > pointer dereference and a buffer out-of-bounds write. fdt_next_region(), > fdt_check_full(), and display_fdt_by_regions() also lack validation. > > Add NULL checks and propagate the error code from fdt_get_name() > to the caller. > > Signed-off-by: Binarly Vulnerability Research <[email protected]> > --- > Changes in v2: > - Rewrite commit message to be concise per maintainer feedback > - Don't mask fdt_get_name() returned error > > boot/fdt_region.c | 5 +++++ > scripts/dtc/libfdt/fdt_ro.c | 3 +++ > tools/fdtgrep.c | 3 +++ > 3 files changed, 11 insertions(+) > Regards, Simon
