Fwd: [BUG] bootm.c: Incorrect use of ft_len as end address in check_overlap()
Osaka Osaka
00601wayne at gmail.com
Wed Jun 18 08:38:36 CEST 2025
Hi U-Boot maintainers,

I would like to report a potential issue in bootm.c regarding FDT/OS image
overlap checking.

In current mainline code:
https://github.com/u-boot/u-boot/blob/master/boot/bootm.c#L448

We have the following logic:

```c
if (check_overlap("FDT", map_to_sysmem(images->ft_addr),
                  images->ft_len, start, size))
        return 1;
```

However, `check_overlap()` expects the second and third parameters to be a
memory **range**: [start, end). Here, `images->ft_len` is being passed
directly as the `end` address, but in reality it is the **length**, not the
end.

This is misleading and could potentially cause overlap checks to pass
incorrectly, especially if `map_to_sysmem(images->ft_addr)` is non-zero.

To fix it, we should properly compute the end address:
```c
/* Compute the FDT end address from its start and length */
ulong fdt_start = map_to_sysmem(images->ft_addr);
ulong fdt_end = fdt_start + images->ft_len;

if (check_overlap("FDT", fdt_start, fdt_end, start, start + size))
        return 1;

/* Same check written without the temporaries */
if (check_overlap("FDT",
                  map_to_sysmem(images->ft_addr),
                  map_to_sysmem(images->ft_addr) + images->ft_len,
                  start, start + size))
        return 1;
```

Let me know if I should send a proper patch for this.
--
*Best Regards*
*Wayne Lin*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-bootm-fix-fdt-overlap-check.patch
Type: application/x-patch
Size: 1305 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250618/4223469d/attachment.bin>
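
The effect described in the report, as an added example that is not part of the original message and is not U-Boot code: a simplified half-open range test shows how passing a length where an end address is expected makes a real overlap go undetected. The names `addr_t`, `ranges_overlap`, `fdt_overlaps_os_len_as_end` and `fdt_overlaps_os_fixed` and all addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

typedef unsigned long addr_t;   /* stand-in for U-Boot's ulong */

/* Simplified model: true when half-open ranges [a_start, a_end) and
 * [b_start, b_end) share at least one byte. Not U-Boot's check_overlap(). */
static bool ranges_overlap(addr_t a_start, addr_t a_end,
                           addr_t b_start, addr_t b_end)
{
    return a_start < b_end && b_start < a_end;
}

/* Call pattern from the report: the FDT length is passed where an end
 * address is expected, so the "range" becomes [ft_addr, ft_len). */
static bool fdt_overlaps_os_len_as_end(addr_t ft_addr, addr_t ft_len,
                                       addr_t os_start, addr_t os_size)
{
    return ranges_overlap(ft_addr, ft_len, os_start, os_start + os_size);
}

/* Corrected pattern: compute the end address first. A wrapped sum is
 * reported as overlapping so that a bad length fails closed. */
static bool fdt_overlaps_os_fixed(addr_t ft_addr, addr_t ft_len,
                                  addr_t os_start, addr_t os_size)
{
    addr_t ft_end = ft_addr + ft_len;
    addr_t os_end = os_start + os_size;

    if (ft_end < ft_addr || os_end < os_start)
        return true;
    return ranges_overlap(ft_addr, ft_end, os_start, os_end);
}

int main(void)
{
    /* Constructed layout: 64 KiB FDT whose second half lies inside the OS. */
    addr_t ft_addr = 0x40000000UL, ft_len = 0x10000UL;
    addr_t os_start = 0x40008000UL, os_size = 0x200000UL;

    printf("length passed as end: overlap=%d\n",
           fdt_overlaps_os_len_as_end(ft_addr, ft_len, os_start, os_size));
    printf("end computed:         overlap=%d\n",
           fdt_overlaps_os_fixed(ft_addr, ft_len, os_start, os_size));
    return 0;
}
```

With the length passed as the end, the first range has an end below its start, so the comparison can never report an overlap for an FDT placed at a non-zero address above its own length.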