All,
I found that fit_check_format() was causing a segfault when run on a
corrupt FIT image. I tracked the problem down to line 92 in
libfdt/fdt_ro.c in _fdt_string_eq():
return (strlen(p) == len) && (memcmp(p, s, len) == 0);
In the case of a corrupt FIT image one can't depend on 'p' being NULL
terminated. I changed it to use strnlen() to fix the issue.
--- a/libfdt/fdt_ro.c Fri Mar 05 06:52:52 2010 -0600
+++ b/libfdt/fdt_ro.c Fri Mar 05 11:10:21 2010 -0600
@@ -89,7 +89,7 @@
{
const char *p = fdt_string(fdt, stroffset);
- return (strlen(p) == len) && (memcmp(p, s, len) == 0);
+ return (strnlen(p, len) == len) && (memcmp(p, s, len) == 0);
}
int fdt_get_mem_rsv(const void *fdt, int n, uint64_t *address, uint64_t *size)
_______________________________________________
U-Boot mailing list
[email protected]
http://lists.denx.de/mailman/listinfo/u-boot
