Google Git
Sign in
fuchsia / third_party / dtc / 2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb
commit2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb[log] [tgz]
authorAnton Blanchard <anton@samba.org>Sun Jan 03 08:43:35 2016 +1100
committerDavid Gibson <david@gibson.dropbear.id.au>Fri Feb 19 01:08:46 2016 +1100
tree1c498c162608ead00ad8e841967b426df45293b4
parentb06e55c88b9b922ff7e25cd62a4709b65524f0fc [diff]
Catch unsigned 32bit overflow when parsing flattened device tree offsets

We have a couple of checks of the form:

    if (offset+size > totalsize)
        die();

We need to check that offset+size doesn't overflow, otherwise the check
will pass, and we may access past totalsize.

Found with AFL.

Signed-off-by: Anton Blanchard <anton@samba.org>
[Added a testcase]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
5 files changed
tree: 1c498c162608ead00ad8e841967b426df45293b4
  1. Documentation/
  2. libfdt/
  3. scripts/
  4. tests/
  5. .gitignore
  6. .travis.yml
  7. checks.c
  8. convert-dtsv0-lexer.l
  9. data.c
  10. dtc-lexer.l
  11. dtc-parser.y
  12. dtc.c
  13. dtc.h
  14. dtdiff
  15. fdtdump.c
  16. fdtget.c
  17. fdtput.c
  18. flattree.c
  19. fstree.c
  20. GPL
  21. livetree.c
  22. Makefile
  23. Makefile.convert-dtsv0
  24. Makefile.dtc
  25. Makefile.utils
  26. README
  27. README.license
  28. srcpos.c
  29. srcpos.h
  30. TODO
  31. treesource.c
  32. util.c
  33. util.h