[PATCH] boot: Check noffset before use

Marek Vasut marek.vasut+renesas at mailbox.org
Thu Nov 20 05:15:30 CET 2025


If noffset is negative, do not pass it to fit_get_name() and then further to
libfdt; this will crash sandbox with SIGSEGV because libfdt cannot handle
negative node offsets without full tree check, which U-Boot inhibits to keep
size lower.

Instead, always check noffset before use, and if the return value indicates
failure, exit right away.

Signed-off-by: Marek Vasut <marek.vasut+renesas at mailbox.org>
---
Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
Cc: Quentin Schulz <quentin.schulz at cherry.de>
Cc: Simon Glass <sjg at chromium.org>
Cc: Tom Rini <trini at konsulko.com>
Cc: Wolfgang Wallner <wolfgang.wallner at br-automation.com>
Cc: u-boot at lists.denx.de
---
 boot/image-fit.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/boot/image-fit.c b/boot/image-fit.c
index cccaa48f683..35595f15ac3 100644
--- a/boot/image-fit.c
+++ b/boot/image-fit.c
@@ -2137,7 +2137,6 @@ int fit_image_load(struct bootm_headers *images, ulong addr,
 
 		noffset = fit_conf_get_prop_node(fit, cfg_noffset, prop_name,
 						 image_ph_phase(ph_type));
-		fit_uname = fit_get_name(fit, noffset, NULL);
 	}
 	if (noffset < 0) {
 		printf("Could not find subimage node type '%s'\n", prop_name);
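Review bot: The removed `fit_uname = fit_get_name(fit, noffset, NULL);` was an unconditional assignment in this branch, while its replacement further down only runs when `fit_uname` is NULL, so the two are not equivalent unless `fit_uname` is guaranteed to be NULL whenever this branch is taken, which these lines do not show. If it can be non-NULL here, the name of the node found by fit_conf_get_prop_node() no longer replaces it and the later "Trying" message can print a name that does not match `noffset`. Keeping the assignment next to the lookup and guarding it with `if (noffset >= 0)` would avoid the negative offset reaching libfdt without changing which name is used.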
@@ -2145,6 +2144,9 @@ int fit_image_load(struct bootm_headers *images, ulong addr,
 		return -ENOENT;
 	}
 
+	if (!fit_uname)
+		fit_uname = fit_get_name(fit, noffset, NULL);
+
 	printf("   Trying '%s' %s subimage\n", fit_uname, prop_name);
 
 	ret = fit_image_select(fit, noffset, images->verify);
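Review bot: The added `if (!fit_uname)` block has no comment saying why the name lookup must sit after the `noffset < 0` return, so a later cleanup could move it back beside fit_conf_get_prop_node() and reintroduce the crash. A one-line comment stating that `noffset` has to be validated before fit_get_name() is called would document the ordering. Separately, the value is passed straight to the '%s' in the printf() that follows; if fit_get_name() can still return NULL for a non-negative offset, a fallback string there would be safer.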
-- 
2.51.0


