diff options
| author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2016-07-06 16:25:55 +0200 |
|---|---|---|
| committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2016-07-06 16:25:55 +0200 |
| commit | ea1a25c3348abc33d7d94db28501766adf3d1c7d (patch) | |
| tree | ca3c5c8b72532117034dd2d57a2a85eead13db7b /scripts/dtc/flattree.c | |
| parent | SCSI: fix new bug in scsi_dev_info_list string matching (diff) | |
| parent | qla2xxx: Fix NULL pointer deref in QLA interrupt (diff) | |
| download | linux-ea1a25c3348abc33d7d94db28501766adf3d1c7d.tar.xz linux-ea1a25c3348abc33d7d94db28501766adf3d1c7d.zip | |
Merge branch 'jejb-fixes' into fixes
Diffstat (limited to 'scripts/dtc/flattree.c')
| -rw-r--r-- | scripts/dtc/flattree.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/dtc/flattree.c b/scripts/dtc/flattree.c index bd99fa2d33b8..ec14954f5810 100644 --- a/scripts/dtc/flattree.c +++ b/scripts/dtc/flattree.c @@ -889,7 +889,7 @@ struct boot_info *dt_from_blob(const char *fname) if (version >= 3) { uint32_t size_str = fdt32_to_cpu(fdt->size_dt_strings); - if (off_str+size_str > totalsize) + if ((off_str+size_str < off_str) || (off_str+size_str > totalsize)) die("String table extends past total size\n"); inbuf_init(&strbuf, blob + off_str, blob + off_str + size_str); } else { @@ -898,7 +898,7 @@ struct boot_info *dt_from_blob(const char *fname) if (version >= 17) { size_dt = fdt32_to_cpu(fdt->size_dt_struct); - if (off_dt+size_dt > totalsize) + if ((off_dt+size_dt < off_dt) || (off_dt+size_dt > totalsize)) die("Structure block extends past total size\n"); } |