On Tue, 26 May 2026 07:03:31 +0000, Aristo Chen wrote:
> The get_basename() helper in tools/fit_image.c searches the entire input
> path independently for the last '/' and the last '.'. When the last '.'
> falls at an offset earlier than the last '/', for example "./mydt",
> "a.b/c" or "sub.d/leaf", 'end' points before 'start' and the computed
> length is negative. The size check uses signed comparison so the negative
> value flows unchanged into memcpy() (cast to size_t there) and mkimage
> segfaults during -f auto FIT generation. The helper is reached on every
> auto-FIT build via the -b, --fit-tee and --fit-tfa-bl31 file arguments.
>
> [...]
Applied to u-boot/next, thanks!
[1/2] tools: mkimage: fix get_basename crash on paths with dotted directories
commit: 759968136d68ba178904313c38ad1003525c58ac
[2/2] test/py: cover get_basename crash on paths with dotted directories
commit: 4a4452a03916d8687442b1d0af5098be986e439e
--
Tom
