[PATCH] lib: fdtdec: validate bloblist FDT before consuming libfdt size
Tom Rini
trini at konsulko.com
Mon May 4 22:37:05 CEST 2026
On Fri, May 01, 2026 at 06:28:00PM -0400, Raymond Mao wrote:
> From: Raymond Mao <raymond.mao at riscstar.com>
>
> Coverity Scan defects are observed in fdtdec_apply_bloblist_dtos(),
> since the live FDT taken from the bloblist is passed to libfdt helpers
> which consume header size/offset fields:
> - fdt_open_into()
> - fdt_pack()
> - bloblist_resize(..., fdt_totalsize(...))
>
> Add a small helper to validate the FDT header and confirm that the
> advertised totalsize fits within the currently allocated bloblist
> record. Use the sanitized size before calling fdt_open_into(), again
> after overlays are applied before calling fdt_pack(), and once more
> after packing before shrinking the bloblist record.
>
> This keeps the existing flow unchanged while making the size consumers
> operate on validated FDT metadata.
>
> Fixes: b70cbbfbf94f ("fdtdec: apply DT overlays from bloblist")
> Addresses-Coverity-ID: CID 645837: (TAINTED_SCALAR)
> Signed-off-by: Raymond Mao <raymond.mao at riscstar.com>
Now that I've applied Michal's fix for the other CID, can you please
rebase this on top of master? Thanks.
--
Tom
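
The check the quoted commit message describes (validate the FDT header, then confirm the advertised totalsize fits the allocated bloblist record), as an added example that is not part of this email, the patch, or U-Boot's code. The names `checked_fdt_size`, `rec_size` and `sample_fdt` are hypothetical, the sample bytes are constructed, and the header field offsets follow the standard flattened devicetree header layout.

```c
#include <stddef.h>
#include <stdint.h>

#define FDT_MAGIC   0xd00dfeedu
#define FDT_V17_HDR 40u /* bytes in a version-17 FDT header */

/* Read a big-endian 32-bit header field at byte offset off. */
static uint32_t be32_at(const uint8_t *p, size_t off)
{
	return ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
	       ((uint32_t)p[off + 2] << 8) | p[off + 3];
}

/* True when [off, off + len) lies within total; the 64-bit sum cannot wrap. */
static int in_blob(uint32_t off, uint32_t len, uint32_t total)
{
	return (uint64_t)off + len <= total;
}

/* Hypothetical helper: returns 0 and sets *size when the header is sane
 * and the advertised totalsize fits in a record of rec_size bytes. */
int checked_fdt_size(const uint8_t *blob, size_t rec_size, uint32_t *size)
{
	uint32_t total;

	if (!blob || rec_size < FDT_V17_HDR || be32_at(blob, 0) != FDT_MAGIC)
		return -1;
	total = be32_at(blob, 4);
	if (total < FDT_V17_HDR || total > rec_size)
		return -1; /* header advertises more than the record holds */
	if (!in_blob(be32_at(blob, 8), be32_at(blob, 36), total) ||  /* struct */
	    !in_blob(be32_at(blob, 12), be32_at(blob, 32), total) || /* strings */
	    be32_at(blob, 16) > total)                               /* rsvmap */
		return -1;
	*size = total;
	return 0;
}

/* Constructed sample: 64-byte header-only blob, not a real device tree. */
uint8_t sample_fdt[64] = {
	0xd0, 0x0d, 0xfe, 0xed,  0, 0, 0, 64, /* magic, totalsize = 64 */
	0, 0, 0, 48,  0, 0, 0, 56, /* off_dt_struct, off_dt_strings */
	0, 0, 0, 40,  0, 0, 0, 17, /* off_mem_rsvmap, version */
	0, 0, 0, 16,  0, 0, 0, 0,  /* last_comp_version, boot_cpuid_phys */
	0, 0, 0, 8,   0, 0, 0, 8,  /* size_dt_strings, size_dt_struct */
};
```

Only the size returned through `*size` would then be handed to a consumer that trusts header fields, and the check is repeated whenever the blob has been rewritten, matching the three call sites the commit message lists.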