[PATCH 8/8] RFC: Check offset in fdt_string()

Simon Glass sjg at chromium.org
Tue Jan 22 07:59:22 EST 2013


(We probably don't want this patch, and certainly can't apply it as is,
but I send it in order to find out the intent of fdt_string()).

At present fdt_string() says that it returns:

   - a pointer to the string, on success
   - NULL, if stroffset is out of bounds

However it does not in fact return NULL. Changing it to do so also
breaks 15 tests (segfault).

What is the intended behaviour of this function, please?

Signed-off-by: Simon Glass <sjg at chromium.org>
---
 libfdt/fdt_ro.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c
index 50007f6..cba8772 100644
--- a/libfdt/fdt_ro.c
+++ b/libfdt/fdt_ro.c
@@ -77,6 +77,8 @@ static int _fdt_nodename_eq(const void *fdt, int offset,
 
 const char *fdt_string(const void *fdt, int stroffset)
 {
+	if (stroffset < 0 || stroffset >= fdt_size_dt_strings(fdt))
+		return NULL;
 	return (const char *)fdt + fdt_off_dt_strings(fdt) + stroffset;
 }
 
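Review bot: the new check on the `stroffset` lines only rejects offsets at or past the end of the strings block; it does not ensure that the string starting at `stroffset` is NUL-terminated before the block ends, so a caller can still read past `fdt_size_dt_strings(fdt)` through a string that begins at a valid offset. Consider scanning the remaining block length (for example `memchr(s, '\0', fdt_size_dt_strings(fdt) - stroffset)`) before returning the pointer, and also verify that `fdt_off_dt_strings(fdt) + fdt_size_dt_strings(fdt)` lies within `fdt_totalsize(fdt)`, since a malformed header can place the block past the end of the blob. The comparison `stroffset >= fdt_size_dt_strings(fdt)` mixes a signed `int` with the unsigned header field; the preceding `stroffset < 0` test keeps it correct, but an explicit cast would quiet -Wsign-compare. Finally, as the commit message notes, returning NULL makes 15 tests segfault, which means existing callers dereference the result unchecked; the documented NULL return can only be honoured once those callers are updated to handle it.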
-- 
1.7.7.3
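The patch raises the question of what a bounds-checked fdt_string() should do. The following is an added example, written for this page and not libfdt code: a lookup in the same spirit that returns NULL for a negative offset, an offset past the strings block, a strings block that overruns the blob, and a string that is not NUL-terminated inside the block. It reads the header fields directly rather than through libfdt, and builds a constructed, minimal blob in memory (a 40-byte v17 header followed only by a strings block). The names fdt_string_checked, build_example_blob and fdt_string_example are hypothetical.

```c
/* Added example, not libfdt code: a fdt_string()-style lookup that
 * refuses to hand back a pointer it cannot prove is safe to read. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FDT_MAGIC_EXAMPLE 0xd00dfeedu
#define FDT_HDR_LEN 40          /* v17 header: 10 big-endian uint32_t fields */

static uint32_t get32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Hypothetical hardened lookup. Returns NULL when:
 *   - stroffset is negative,
 *   - the buffer is smaller than the header or than the claimed totalsize,
 *   - the strings block (off_dt_strings + size_dt_strings) overruns totalsize,
 *   - stroffset is at or past the end of the strings block,
 *   - the string is not NUL-terminated before the block ends. */
const char *fdt_string_checked(const void *fdt, size_t buflen, int stroffset)
{
    const uint8_t *blob = fdt;
    uint32_t totalsize, off, size;
    const char *s;

    if (stroffset < 0 || buflen < FDT_HDR_LEN)
        return NULL;
    totalsize = get32(blob + 4);    /* header field: totalsize       */
    off = get32(blob + 12);         /* header field: off_dt_strings  */
    size = get32(blob + 32);        /* header field: size_dt_strings */
    if (get32(blob) != FDT_MAGIC_EXAMPLE || totalsize > buflen)
        return NULL;
    if (off > totalsize || size > totalsize - off)
        return NULL;                /* strings block overruns the blob */
    if ((uint32_t)stroffset >= size)
        return NULL;                /* offset past the block */
    s = (const char *)blob + off + (uint32_t)stroffset;
    if (memchr(s, '\0', size - (uint32_t)stroffset) == NULL)
        return NULL;                /* unterminated: would read past block */
    return s;
}

/* Assemble a constructed blob: v17 header, then the given strings block.
 * Struct block and reservation map are empty; this is sample input only. */
static size_t build_example_blob(uint8_t *out, size_t cap,
                                 const char *strings, uint32_t strings_len)
{
    uint32_t total = FDT_HDR_LEN + strings_len;

    if (cap < total)
        return 0;
    memset(out, 0, FDT_HDR_LEN);
    put32(out + 0, FDT_MAGIC_EXAMPLE);
    put32(out + 4, total);          /* totalsize */
    put32(out + 8, FDT_HDR_LEN);    /* off_dt_struct: empty struct block */
    put32(out + 12, FDT_HDR_LEN);   /* off_dt_strings */
    put32(out + 16, FDT_HDR_LEN);   /* off_mem_rsvmap: empty */
    put32(out + 20, 17);            /* version */
    put32(out + 24, 16);            /* last_comp_version */
    put32(out + 32, strings_len);   /* size_dt_strings */
    memcpy(out + FDT_HDR_LEN, strings, strings_len);
    return total;
}

/* Exercise the lookup on a constructed strings block whose last entry,
 * "abc", deliberately lacks its terminating NUL. Returns a bitmask with one
 * bit per expectation met (all six met == 0x3f). */
int fdt_string_example(void)
{
    static const char strings[] = "compatible\0model\0abc"; /* 20 bytes used */
    uint8_t blob[64];
    size_t len = build_example_blob(blob, sizeof blob, strings, 20);
    const char *s;
    int ok = 0;

    if (len == 0)
        return 0;
    s = fdt_string_checked(blob, len, 0);
    if (s && strcmp(s, "compatible") == 0) ok |= 1;
    s = fdt_string_checked(blob, len, 11);
    if (s && strcmp(s, "model") == 0) ok |= 2;
    if (fdt_string_checked(blob, len, -1) == NULL) ok |= 4;   /* negative */
    if (fdt_string_checked(blob, len, 20) == NULL) ok |= 8;   /* == size */
    if (fdt_string_checked(blob, len, 17) == NULL) ok |= 16;  /* "abc" unterminated */
    put32(blob + 32, 1000);        /* header now claims a block larger than the blob */
    if (fdt_string_checked(blob, len, 0) == NULL) ok |= 32;
    return ok;
}

int main(void)
{
    int r = fdt_string_example();

    printf("checks passed: 0x%02x (expected 0x3f)\n", r);
    return r == 0x3f ? 0 : 1;
}
```

The NUL-termination scan is the part a plain offset comparison misses: an offset inside the block can still name a string whose terminator lies beyond it, and a caller that then calls strlen() or strcmp() reads past the block. Taking the buffer length as a separate argument, rather than trusting totalsize, is what lets the header itself be treated as untrusted input.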



More information about the devicetree-discuss mailing list