[PATCH v2] fdt: Check return value of fdt_get_name() calls
Simon Glass
sjg at chromium.org
Wed May 27 06:46:45 CEST 2026
Hi Anton,
On Tue, 26 May 2026 at 14:41, Anton Ivanov <anton at binarly.io> wrote:
>
> From: Binarly Vulnerability Research <vr at binarly.io>
Is this a person? If so, can you use his/her name? As it stands it
seems like an organisation rather than a person.
>
> fdt_get_name() can return NULL and set len to a negative error code.
> fdt_find_regions() does not check for this, leading to a potential NULL
> pointer dereference and a buffer out-of-bounds write. fdt_next_region(),
> fdt_check_full(), and display_fdt_by_regions() also lack validation.
>
> Add NULL checks and propagate the error code from fdt_get_name()
> to the caller.
>
> Signed-off-by: Binarly Vulnerability Research <vr at binarly.io>
> ---
> Changes in v2:
> - Rewrite commit message to be concise per maintainer feedback
> - Don't mask fdt_get_name() returned error
>
> boot/fdt_region.c | 5 +++++
> scripts/dtc/libfdt/fdt_ro.c | 3 +++
> tools/fdtgrep.c | 3 +++
> 3 files changed, 11 insertions(+)
>
Regards,
Simon
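
The failure mode named in the quoted commit message, as an added example that is not part of the patch or of U-Boot: a callee that returns NULL and a negative length, and a caller that checks the pointer before the length reaches any bounds arithmetic. `mock_get_name()`, `append_node_name()` and the `EX_ERR_*` values are hypothetical stand-ins, and the node names are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in error values for this example (not taken from libfdt headers). */
#define EX_ERR_NOSPACE   3
#define EX_ERR_BADOFFSET 4

/*
 * Hypothetical stand-in for fdt_get_name(): returns the node name and its
 * length, or NULL with *len set to a negative error code, which is the
 * contract the commit message describes.
 */
static const char *mock_get_name(int offset, int *len)
{
    static const char *const names[] = { "", "chosen", "cpus" }; /* constructed */

    if (offset < 0 || offset >= (int)(sizeof(names) / sizeof(names[0]))) {
        *len = -EX_ERR_BADOFFSET;
        return NULL;
    }
    *len = (int)strlen(names[offset]);
    return names[offset];
}

/*
 * Append "/<name>" to the path that currently occupies path[0..used).
 * Returns the new used length, or a negative error code.
 */
static int append_node_name(char *path, int path_len, int used, int offset)
{
    int len;
    const char *name = mock_get_name(offset, &len);

    /*
     * Check the pointer before len enters any arithmetic: on failure len is
     * negative, so "used + 2 + len >= path_len" can be false even when the
     * buffer is nearly full, and the copy below would then read from NULL.
     */
    if (!name)
        return len;                 /* propagate the callee's error unchanged */
    if (used + 2 + len >= path_len)
        return -EX_ERR_NOSPACE;

    path[used++] = '/';
    memcpy(path + used, name, (size_t)len + 1); /* copy includes the NUL */
    return used + len;
}
```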