len0rd/dtc
1
0
Fork 0
mirror of https://github.com/dgibson/dtc.git synced 2025-12-08 12:45:29 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

libfdt: Safer access to memory reservations

Browse source 
fdt_num_mem_rsv() and fdt_get_mem_rsv() currently don't sanity check their
parameters, or the memory reserve section offset in the header.  That means
that on a corrupted blob they could access outside of the range of memory
that they should.

This improves their safety checking, meaning they shouldn't access outside
the blob's bounds, even if its contents are badly corrupted.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
David Gibson 2018-03-09 23:28:56 +11:00
parent 719d582e98
commit d5db5382c5
7 changed files with 114 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/Makefile.tests
View file

@ -29,7 +29,7 @@ LIB_TESTS_L = get_mem_rsv \
check_path check_header
LIB_TESTS = $(LIB_TESTS_L:%=$(TESTS_PREFIX)%)
LIBTREE_TESTS_L = truncated_property truncated_string
LIBTREE_TESTS_L = truncated_property truncated_string truncated_memrsv
LIBTREE_TESTS = $(LIBTREE_TESTS_L:%=$(TESTS_PREFIX)%)
DL_LIB_TESTS_L = asm_tree_dump value-labels