[U-Boot] (patch) segfault when calling fit_check_format() on corrupt FIT images
Jon Nalley
lists at bluebot.org
Fri Mar 5 18:27:19 CET 2010
All,
I found that fit_check_format() was causing a segfault when run on a
corrupt FIT image. I tracked the problem down to line 92 in
libfdt/fdt_ro.c in _fdt_string_eq():
return (strlen(p) == len) && (memcmp(p, s, len) == 0);
In the case of a corrupt FIT image one can't depend on 'p' being NULL
terminated. I changed it to use strnlen() to fix the issue.
--- a/libfdt/fdt_ro.c Fri Mar 05 06:52:52 2010 -0600
+++ b/libfdt/fdt_ro.c Fri Mar 05 11:10:21 2010 -0600
@@ -89,7 +89,7 @@
{
const char *p = fdt_string(fdt, stroffset);
- return (strlen(p) == len) && (memcmp(p, s, len) == 0);
+ return (strnlen(p, len) == len) && (memcmp(p, s, len) == 0);
}
int fdt_get_mem_rsv(const void *fdt, int n, uint64_t *address, uint64_t *size)
More information about the U-Boot
mailing list