[PATCH] fdt: off by one in ofnode_lookup_fdt()
Simon Glass
sjg at chromium.org
Thu Jul 27 02:49:59 CEST 2023
Hi Dan,
On Wed, 26 Jul 2023 at 00:59, Dan Carpenter <dan.carpenter at linaro.org> wrote:
>
> The "oftree_count" is the number of entries which have been set in
> the oftree_list[] array. If all the entries have been initialized then
> this off by one would result in reading one element beyond the end
> of the array.
>
> Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>
> ---
> drivers/core/ofnode.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
Thanks. It can be helpful to add 'Fixes:' tags on such patches.
>
> diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c
> index 8df16e56af5c..a4dc9bde085c 100644
> --- a/drivers/core/ofnode.c
> +++ b/drivers/core/ofnode.c
> @@ -103,7 +103,7 @@ void *ofnode_lookup_fdt(ofnode node)
> if (gd->flags & GD_FLG_RELOC) {
> uint i = OFTREE_TREE_ID(node.of_offset);
>
> - if (i > oftree_count) {
> + if (i >= oftree_count) {
> log_debug("Invalid tree ID %x\n", i);
> return NULL;
> }
> --
> 2.39.2
>
Regards,
Simon
More information about the U-Boot
mailing list