[PATCH 3/3] libfdt: Check fdt_offset_ptr() return value unconditionally

Marek Vasut marek.vasut+renesas at mailbox.org
Thu Nov 13 13:21:10 CET 2025


The fdt_offset_ptr() may return a NULL pointer. Check the return
value from fdt_offset_ptr() for NULL unconditionally to prevent
sandbox crashes.

Signed-off-by: Marek Vasut <marek.vasut+renesas at mailbox.org>
---
Cc: Adriano Cordova <adrianox at gmail.com>
Cc: Andrew Goodbody <andrew.goodbody at linaro.org>
Cc: Christian Marangi <ansuelsmth at gmail.com>
Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
Cc: Patrice Chotard <patrice.chotard at foss.st.com>
Cc: Sam Edwards <cfsworks at gmail.com>
Cc: Simon Glass <sjg at chromium.org>
Cc: Tom Rini <trini at konsulko.com>
Cc: u-boot at lists.denx.de
---
 scripts/dtc/libfdt/fdt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/dtc/libfdt/fdt.c b/scripts/dtc/libfdt/fdt.c
index 95f644c31f9..d16cc3d4730 100644
--- a/scripts/dtc/libfdt/fdt.c
+++ b/scripts/dtc/libfdt/fdt.c
@@ -168,7 +168,7 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
 
 	*nextoffset = -FDT_ERR_TRUNCATED;
 	tagp = fdt_offset_ptr(fdt, offset, FDT_TAGSIZE);
-	if (!can_assume(VALID_DTB) && !tagp)
+	if (!tagp)
 		return FDT_END; /* premature end */
 	tag = fdt32_to_cpu(*tagp);
 	offset += FDT_TAGSIZE;
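
Review bot: The check before "tag = fdt32_to_cpu(*tagp);" no longer honours can_assume(VALID_DTB), but neither the commit message nor the code says why that assumption cannot be relied on here. "To prevent sandbox crashes" does not identify the input or caller that makes fdt_offset_ptr() return NULL while VALID_DTB is assumed. Please describe that case in the commit message and add a one-line comment above "if (!tagp)" noting that the NULL check is intentionally unconditional, so the gate is not put back later as a size optimisation.
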
@@ -186,7 +186,7 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
 
 	case FDT_PROP:
 		lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp));
-		if (!can_assume(VALID_DTB) && !lenp)
+		if (!lenp)
 			return FDT_END; /* premature end */
 
 		len = fdt32_to_cpu(*lenp);
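
Review bot: In the FDT_PROP case, "if (!lenp) return FDT_END;" now runs in builds that assume VALID_DTB as well, and there the only thing that distinguishes this premature end from a real end of tree is *nextoffset still holding -FDT_ERR_TRUNCATED from the top of the function. Please confirm that the callers involved in the sandbox crash check *nextoffset for a negative value rather than only comparing the returned tag against FDT_END; otherwise the NULL dereference is gone but a truncated blob is silently treated as a complete one. A test that feeds a blob cut off inside a property header would pin this behaviour down.
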
-- 
2.51.0


