[PATCH] test: dm: fdtdec: Validate FDT size in unit test

Tue Dec 9 16:55:38 CET 2025

The current FDT decoding tests calculate the memory required
for FDT manipulation by directly adding a fixed margin to
fdt_totalsize(gd->fdt_blob). The static analyzer flagged
"gd->fdt_blob->totalsize" as a tainted value being passed
to fdt_open_into().

Ensure the size is validated by checking that the total size
is within a reasonable maximum FDT limit for unit tests.

Signed-off-by: Adriana Nicolae <adriana at arista.com>
---
 test/dm/fdtdec.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/test/dm/fdtdec.c b/test/dm/fdtdec.c
index ea5a494612c..495f57234a4 100644
--- a/test/dm/fdtdec.c
+++ b/test/dm/fdtdec.c
@@ -14,14 +14,19 @@
 
 DECLARE_GLOBAL_DATA_PTR;
 
+#define FDTDEC_MAX_SIZE  (2 * 1024 * 1024)
+
 static int dm_test_fdtdec_set_carveout(struct unit_test_state *uts)
 {
 	struct fdt_memory resv;
 	void *blob;
 	const fdt32_t *prop;
-	int blob_sz, len, offset;
+	int blob_sz, len, offset, fdt_sz;
+
+	fdt_sz = fdt_totalsize(gd->fdt_blob);
+	ut_assert(fdt_sz > 0 && fdt_sz < FDTDEC_MAX_SIZE);
 
-	blob_sz = fdt_totalsize(gd->fdt_blob) + 4096;
+	blob_sz = fdt_sz + 4096;
 	blob = malloc(blob_sz);
 	ut_assertnonnull(blob);
 
@@ -67,10 +72,13 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts)
 	fdt_size_t size;
 	void *blob;
 	unsigned long flags = FDTDEC_RESERVED_MEMORY_NO_MAP;
-	int blob_sz, parent, subnode;
+	int blob_sz, parent, subnode, fdt_sz;
 	uint32_t phandle, phandle1;
 
-	blob_sz = fdt_totalsize(gd->fdt_blob) + 128;
+	fdt_sz = fdt_totalsize(gd->fdt_blob);
+	ut_assert(fdt_sz > 0 && fdt_sz < FDTDEC_MAX_SIZE);
+
+	blob_sz = fdt_sz + 128;
 	blob = malloc(blob_sz);
 	ut_assertnonnull(blob);
 
@@ -138,14 +146,17 @@ static int dm_test_fdt_chosen_smbios(struct unit_test_state *uts)
 	void *blob;
 	ulong val;
 	struct smbios3_entry *entry;
-	int chosen, blob_sz;
+	int chosen, blob_sz, fdt_sz;
 	const fdt64_t *prop;
 
 	if (!CONFIG_IS_ENABLED(GENERATE_SMBIOS_TABLE)) {
 		return -EAGAIN;
 	}
 
-	blob_sz = fdt_totalsize(gd->fdt_blob) + 4096;
+	fdt_sz = fdt_totalsize(gd->fdt_blob);
+	ut_assert(fdt_sz > 0 && fdt_sz < FDTDEC_MAX_SIZE);
+
+	blob_sz = fdt_sz + 4096;
 	blob = memalign(8, blob_sz);
 	ut_assertnonnull(blob);
 

---
base-commit: 0e0a198a68be71148f5ec27ef86796174f91436f
change-id: 20251209-fdtdec-8f78610ead48

Best regards,
-- 
Adriana Nicolae <adriana at arista.com>

