[PATCH v4] fdt_region: Check return value of fdt_get_property_by_offset() calls
Tom Rini
trini at konsulko.com
Sat Jun 13 20:04:24 CEST 2026
On Tue, Jun 02, 2026 at 07:30:17PM +0100, Anton Ivanov wrote:
> fdt_get_property_by_offset() returns NULL for FDT with version
> less than 0x10. fdt_find_regions() dereferences the result without
> checking, leading to a NULL pointer dereference during signature
> verification of an untrusted FIT. fdt_add_alias_regions() and
> fdt_next_region() also lack validation.
>
> Add NULL checks before accessing the returned property pointer.
> Also add a missing NULL check for fdt_string() in
> fdt_add_alias_regions() and fdt_next_region().
>
> Signed-off-by: Anton Ivanov <anton at binarly.io>
Applied to u-boot/next, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260613/255b6c7a/attachment.sig>
More information about the U-Boot
mailing list