commit | d0b3ab0a0f46ac929b4713da46f7fdcd893dd3bd | [log] [tgz] |
---|---|---|
author | David Gibson <david@gibson.dropbear.id.au> | Thu Dec 17 17:19:11 2015 +1100 |
committer | David Gibson <david@gibson.dropbear.id.au> | Thu Dec 17 17:19:11 2015 +1100 |
tree | 17801dc0734fd037b38fbc1c3f2c29a329eaf7f0 | |
parent | d4c7c25c9ed138df8bafbe61097c27c9d2629ee3 [diff] |
libfdt: Fix undefined behaviour in fdt_offset_ptr() Using pointer arithmetic to generate a pointer outside a known object is, technically, undefined behaviour in C. Unfortunately, we were using that in fdt_offset_ptr() to detect overflows. To fix this we need to do our bounds / overflow checking on the offsets before constructing pointers from them. Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>