On Tue, Jun 02, 2026 at 07:27:52PM +0100, Anton Ivanov wrote:

> fdt_get_name() can return NULL and set len to a negative error code.
> fdt_find_regions() does not check for this, leading to a potential NULL
> pointer dereference and a buffer out-of-bounds write during signature
> verification of an untrusted FIT. fdt_next_region(), fdt_check_full(),
> and display_fdt_by_regions() also lack validation.
>
> Add NULL checks and propagate the error code from fdt_get_name()
> to the caller.
>
> Signed-off-by: Anton Ivanov <[email protected]>
> Reviewed-by: Simon Glass <[email protected]>

Applied to u-boot/next, thanks!

-- 
Tom
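The contract described in the quoted commit message (a NULL return with a negative error code stored in len), shown as an added example that is not part of this thread or of U-Boot's code. demo_get_name(), build_path(), the DEMO_ERR_* values and the node names are hypothetical stand-ins, not libfdt.

```c
#include <stdio.h>
#include <string.h>
#define DEMO_ERR_NOSPACE   3   /* constructed error codes for this example */
#define DEMO_ERR_BADOFFSET 4

/* Constructed node names standing in for a parsed tree. */
static const char *const demo_names[] = { "images", "kernel", "hash-1" };
/* Hypothetical stand-in with the contract described above: on failure it
 * returns NULL and stores a negative error code in *lenp. */
static const char *demo_get_name(int idx, int *lenp)
{
    if (idx < 0 || idx >= 3) {
        *lenp = -DEMO_ERR_BADOFFSET;
        return NULL;
    }
    *lenp = (int)strlen(demo_names[idx]);
    return demo_names[idx];
}

/* Build "/a/b/c" from node indexes. Returns the path length, or the
 * negative error code from the first failing lookup. */
static int build_path(char *path, int path_len, const int *idxs, int n)
{
    int used = 0, len, i;
    if (path_len < 1)
        return -DEMO_ERR_NOSPACE;
    path[0] = '\0';
    for (i = 0; i < n; i++) {
        const char *name = demo_get_name(idxs[i], &len);
        /* Check before len enters any arithmetic: a negative len would
         * let the space test pass and move the write position backwards. */
        if (!name)
            return len;
        if (used + 1 + len + 1 > path_len)
            return -DEMO_ERR_NOSPACE;
        path[used++] = '/';
        memcpy(path + used, name, (size_t)len + 1);
        used += len;
    }
    return used;
}

int main(void)
{
    char buf[32];
    int bad[] = { 0, 7 };   /* index 7 does not exist */
    printf("%d\n", build_path(buf, sizeof(buf), bad, 2));
    return 0;
}
```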

