[PATCH] Fix uninitialized access bug in utilfdt_decode_type
David Gibson
david at gibson.dropbear.id.au
Fri Feb 3 17:06:12 EST 2012
I just found this little bug with valgrind. strchr() will return true
if the given character is '\0'. This meant that utilfdt_decode_type()
could take a path which accesses uninitialized data when given the
(invalid) format string "L".
Signed-off-by: David Gibson <david at gibson.dropbear.id.au>
---
util.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/util.c b/util.c
index d82d41f..2422c34 100644
--- a/util.c
+++ b/util.c
@@ -296,6 +296,9 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
{
int qualifier = 0;
+ if (!*fmt)
+ return -1;
+
/* get the conversion qualifier */
*size = -1;
if (strchr("hlLb", *fmt)) {
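Review bot: The added `if (!*fmt) return -1;` sits above `*size = -1;`, so for an empty format string the function returns without writing `*size`, while the `return -1` in the second hunk is reached only after `*size` has been set to -1. If callers are meant to see the same output state on every failure, move the new check below the `*size = -1;` assignment. Otherwise add a comment stating that `*type` and `*size` are not written when -1 is returned, so no caller reads them after an error.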
@@ -311,7 +314,7 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
}
/* we should now have a type */
- if (!strchr("iuxs", *fmt))
+ if ((*fmt == '\0') || !strchr("iuxs", *fmt))
return -1;
/* convert qualifier (bhL) to byte size */
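Review bot: The `(*fmt == '\0')` test added to the type check has no comment saying why it is needed, and it is spelled differently from the `!*fmt` check added in the first hunk. A one-line comment that strchr() also matches the terminating NUL of its search string would stop a later cleanup from removing the test as redundant, and using a single spelling in both places, for example `if (!*fmt || !strchr("iuxs", *fmt))`, would make the two guards read as the same fix. A test case for the format string "L" named in the commit message would keep the bug from coming back.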
--
1.7.8.3