[PATCH v4] fdt: Check return value of fdt_get_name() calls
Tom Rini
trini at konsulko.com
Sat Jun 13 20:04:37 CEST 2026
On Tue, Jun 02, 2026 at 07:27:52PM +0100, Anton Ivanov wrote:
> fdt_get_name() can return NULL and set len to a negative error code.
> fdt_find_regions() does not check for this, leading to a potential NULL
> pointer dereference and a buffer out-of-bounds write during signature
> verification of an untrusted FIT. fdt_next_region(), fdt_check_full(),
> and display_fdt_by_regions() also lack validation.
>
> Add NULL checks and propagate the error code from fdt_get_name()
> to the caller.
>
> Signed-off-by: Anton Ivanov <anton at binarly.io>
> Reviewed-by: Simon Glass <sjg at chromium.org>
Applied to u-boot/next, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260613/d9956efc/attachment.sig>
More information about the U-Boot
mailing list