Google Git
Sign in
fuchsia / third_party / dtc / d0b3ab0a0f46ac929b4713da46f7fdcd893dd3bd
commitd0b3ab0a0f46ac929b4713da46f7fdcd893dd3bd[log] [tgz]
authorDavid Gibson <david@gibson.dropbear.id.au>Thu Dec 17 17:19:11 2015 +1100
committerDavid Gibson <david@gibson.dropbear.id.au>Thu Dec 17 17:19:11 2015 +1100
tree17801dc0734fd037b38fbc1c3f2c29a329eaf7f0
parentd4c7c25c9ed138df8bafbe61097c27c9d2629ee3 [diff]
libfdt: Fix undefined behaviour in fdt_offset_ptr()

Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C.  Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.

To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
1 file changed
tree: 17801dc0734fd037b38fbc1c3f2c29a329eaf7f0
  1. Documentation/
  2. libfdt/
  3. scripts/
  4. tests/
  5. .gitignore
  6. .travis.yml
  7. checks.c
  8. convert-dtsv0-lexer.l
  9. data.c
  10. dtc-lexer.l
  11. dtc-parser.y
  12. dtc.c
  13. dtc.h
  14. dtdiff
  15. fdtdump.c
  16. fdtget.c
  17. fdtput.c
  18. flattree.c
  19. fstree.c
  20. GPL
  21. livetree.c
  22. Makefile
  23. Makefile.convert-dtsv0
  24. Makefile.dtc
  25. Makefile.utils
  26. README
  27. README.license
  28. srcpos.c
  29. srcpos.h
  30. TODO
  31. treesource.c
  32. util.c
  33. util.h