diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-12-13 22:13:55 +0100 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-12-13 22:13:55 +0100 |
| commit | 531d2644f3b10098dadb25b2c26cf19ec0330f90 (patch) | |
| tree | 7de45b29f353ac555bbe7d3ac383d6b5c94cb199 /scripts/dtc/libfdt/fdt.c | |
| parent | Merge tag 'hwmon-for-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g... (diff) | |
| parent | dt-bindings: leds: Add missing references to common LED schema (diff) | |
| download | linux-531d2644f3b10098dadb25b2c26cf19ec0330f90.tar.xz linux-531d2644f3b10098dadb25b2c26cf19ec0330f90.zip | |
Merge tag 'devicetree-for-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
Pull devicetree updates from Rob Herring:
"DT Bindings:
- Various LED binding conversions and clean-ups. Convert the
ir-spi-led, pwm-ir-tx, and gpio-ir-tx LED bindings to schemas.
Consistently reference LED common.yaml or multi-led schemas and
disallow undefined properties.
- Convert IDT 89HPESx, pwm-clock, st,stmipid02, Xilinx PCIe hosts,
and fsl,imx-fb bindings to schema
- Add ata-generic, Broadcom u-boot environment, and dynamic MTD
sub-partitions bindings.
- Make all SPI based displays reference spi-peripheral-props.yaml
- Fix some schema property regex's which should be fixed strings or
were missing start/end anchors
- Remove 'status' in examples, again...
DT Core:
- Fix a possible NULL dereference in overlay functions
- Fix kexec reading 32-bit "linux,initrd-{start,end}" values (which
never worked)
- Add of_address_count() helper to count number of 'reg' entries
- Support .dtso extension for DT overlay source files. Rename staging
and unittest overlay files.
- Update dtc to upstream v1.6.1-63-g55778a03df61"
* tag 'devicetree-for-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (42 commits)
dt-bindings: leds: Add missing references to common LED schema
dt-bindings: leds: intel,lgm: Add missing 'led-gpios' property
of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
dt-bindings: lcdif: Fix constraints for imx8mp
media: dt-bindings: atmel,isc: Drop unneeded unevaluatedProperties
dt-bindings: Drop Jee Heng Sia
dt-bindings: thermal: cooling-devices: Add missing cache related properties
dt-bindings: leds: irled: ir-spi-led: convert to DT schema
dt-bindings: leds: irled: pwm-ir-tx: convert to DT schema
dt-bindings: leds: irled: gpio-ir-tx: convert to DT schema
dt-bindings: leds: mt6360: rework to match multi-led
dt-bindings: leds: lp55xx: rework to match multi-led
dt-bindings: leds: lp55xx: switch to preferred 'gpios' suffix
dt-bindings: leds: lp55xx: allow label
dt-bindings: leds: use unevaluatedProperties for common.yaml
dt-bindings: thermal: tsens: Add SM6115 compatible
of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values
dt-bindings: display: Convert fsl,imx-fb.txt to dt-schema
dt-bindings: Add missing start and/or end of line regex anchors
dt-bindings: qcom,pdc: Add missing compatibles
...
Diffstat (limited to 'scripts/dtc/libfdt/fdt.c')
| -rw-r--r-- | scripts/dtc/libfdt/fdt.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/scripts/dtc/libfdt/fdt.c b/scripts/dtc/libfdt/fdt.c index 9fe7cf4b747d..20c6415b9ced 100644 --- a/scripts/dtc/libfdt/fdt.c +++ b/scripts/dtc/libfdt/fdt.c @@ -106,7 +106,6 @@ int fdt_check_header(const void *fdt) } hdrsize = fdt_header_size(fdt); if (!can_assume(VALID_DTB)) { - if ((fdt_totalsize(fdt) < hdrsize) || (fdt_totalsize(fdt) > INT_MAX)) return -FDT_ERR_TRUNCATED; @@ -115,9 +114,7 @@ int fdt_check_header(const void *fdt) if (!check_off_(hdrsize, fdt_totalsize(fdt), fdt_off_mem_rsvmap(fdt))) return -FDT_ERR_TRUNCATED; - } - if (!can_assume(VALID_DTB)) { /* Bounds check structure block */ if (!can_assume(LATEST) && fdt_version(fdt) < 17) { if (!check_off_(hdrsize, fdt_totalsize(fdt), @@ -165,7 +162,7 @@ const void *fdt_offset_ptr(const void *fdt, int offset, unsigned int len) uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset) { const fdt32_t *tagp, *lenp; - uint32_t tag; + uint32_t tag, len, sum; int offset = startoffset; const char *p; @@ -191,12 +188,19 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset) lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp)); if (!can_assume(VALID_DTB) && !lenp) return FDT_END; /* premature end */ + + len = fdt32_to_cpu(*lenp); + sum = len + offset; + if (!can_assume(VALID_DTB) && + (INT_MAX <= sum || sum < (uint32_t) offset)) + return FDT_END; /* premature end */ + /* skip-name offset, length and value */ - offset += sizeof(struct fdt_property) - FDT_TAGSIZE - + fdt32_to_cpu(*lenp); + offset += sizeof(struct fdt_property) - FDT_TAGSIZE + len; + if (!can_assume(LATEST) && - fdt_version(fdt) < 0x10 && fdt32_to_cpu(*lenp) >= 8 && - ((offset - fdt32_to_cpu(*lenp)) % 8) != 0) + fdt_version(fdt) < 0x10 && len >= 8 && + ((offset - len) % 8) != 0) offset += 4; break; |