[U-Boot] (patch) segfault when calling fit_check_format() on corrupt FIT images

Jon Nalley Fri, 05 Mar 2010 09:33:44 -0800

All,

I found that fit_check_format() was causing a segfault when run on a
corrupt FIT image.  I tracked the problem down to line 92 in
libfdt/fdt_ro.c in _fdt_string_eq():


return (strlen(p) == len) && (memcmp(p, s, len) == 0);

In the case of a corrupt FIT image one can't depend on 'p' being NULL
terminated.  I changed it to use strnlen() to fix the issue.

--- a/libfdt/fdt_ro.c   Fri Mar 05 06:52:52 2010 -0600
+++ b/libfdt/fdt_ro.c   Fri Mar 05 11:10:21 2010 -0600
@@ -89,7 +89,7 @@
 {
        const char *p = fdt_string(fdt, stroffset);

-       return (strlen(p) == len) && (memcmp(p, s, len) == 0);
+       return (strnlen(p, len) == len) && (memcmp(p, s, len) == 0);
 }

 int fdt_get_mem_rsv(const void *fdt, int n, uint64_t *address, uint64_t *size)
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] (patch) segfault when calling fit_check_format() on corrupt FIT images

Reply via email to