[PATCH v4] fdt: Check return value of fdt_get_name() calls

Simon Glass sjg at chromium.org
Sat Jun 6 00:08:04 CEST 2026


On 2026-06-02T18:27:52, Anton Ivanov <anton at binarly.io> wrote:
> fdt: Check return value of fdt_get_name() calls
>
> fdt_get_name() can return NULL and set len to a negative error code.
> fdt_find_regions() does not check for this, leading to a potential NULL
> pointer dereference and a buffer out-of-bounds write during signature
> verification of an untrusted FIT. fdt_next_region(), fdt_check_full(),
> and display_fdt_by_regions() also lack validation.
>
> Add NULL checks and propagate the error code from fdt_get_name()
> to the caller.
>
> Signed-off-by: Anton Ivanov <anton at binarly.io>
>
>  boot/fdt_region.c           | 5 +++++
>  scripts/dtc/libfdt/fdt_ro.c | 3 +++
>  tools/fdtgrep.c             | 3 +++
>  3 files changed, 11 insertions(+)

Reviewed-by: Simon Glass <sjg at chromium.org>

(a test would be nice!)
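
The check the commit message describes, as an added example that is not part of this thread or of U-Boot's code. It is a simplified model: `mock_get_name()` is a hypothetical stand-in for `fdt_get_name()`, the error constants are constructed, and the length-only bounds check in `fits()` is an assumption about how a negative `len` can slip past a space check.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for libfdt-style error codes (values are illustrative). */
#define ERR_NOSPACE      3
#define ERR_BADSTRUCTURE 11

/* Hypothetical stand-in for fdt_get_name(): on failure it returns NULL and
 * stores a negative error code in *lenp, the behaviour the commit message
 * describes. ok selects the success or failure path. */
static const char *mock_get_name(int ok, int *lenp)
{
    static const char name[] = "images";

    *lenp = ok ? (int)(sizeof(name) - 1) : -ERR_BADSTRUCTURE;
    return ok ? name : NULL;
}

/* Length-only space check before appending "/name" to a path buffer.
 * A negative len shrinks the sum, so this check alone cannot reject
 * the error case (assumed model of the failure mode). */
static int fits(size_t used, int len, size_t cap)
{
    return (long)used + 2 + len < (long)cap;
}

/* Append "/name" to path. Returns 0 on success or a negative error code. */
static int append_name(char *path, size_t cap, int ok)
{
    int len;
    size_t used = strlen(path);
    const char *name = mock_get_name(ok, &len);

    if (!name)
        return len;          /* propagate the error before name or len is used */
    if (!fits(used, len, cap))
        return -ERR_NOSPACE;

    path[used] = '/';
    memcpy(path + used + 1, name, (size_t)len + 1); /* copies the NUL too */
    return 0;
}
```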

