[PATCH v2] fdt: Check return value of fdt_get_name() calls
Anton Ivanov
anton at binarly.io
Wed May 27 13:27:32 CEST 2026
Hi Simon,
> Is this a person? If so, can you use his/her name? As it stands it
> seems like an orgnisation rather than a person.
We changed it to personal email in all the patches.
Thank you,
Anton
On Wed, May 27, 2026 at 5:46 AM Simon Glass <sjg at chromium.org> wrote:
> Hi Anton,
>
> On Tue, 26 May 2026 at 14:41, Anton Ivanov <anton at binarly.io> wrote:
> >
> > From: Binarly Vulnerability Research <vr at binarly.io>
>
> Is this a person? If so, can you use his/her name? As it stands it
> seems like an orgnisation rather than a person.
>
> >
> > fdt_get_name() can return NULL and set len to a negative error code.
> > fdt_find_regions() does not check for this, leading to a potential NULL
> > pointer dereference and a buffer out-of-bounds write. fdt_next_region(),
> > fdt_check_full(), and display_fdt_by_regions() also lack validation.
> >
> > Add NULL checks and propagate the error code from fdt_get_name()
> > to the caller.
> >
> > Signed-off-by: Binarly Vulnerability Research <vr at binarly.io>
> > ---
> > Changes in v2:
> > - Rewrite commit message to be concise per maintainer feedback
> > - Don't mask fdt_get_name() returned error
> >
> > boot/fdt_region.c | 5 +++++
> > scripts/dtc/libfdt/fdt_ro.c | 3 +++
> > tools/fdtgrep.c | 3 +++
> > 3 files changed, 11 insertions(+)
> >
>
> Regards,
> Simon
>
More information about the U-Boot
mailing list