Dear Das U-Boot developers,

I found that the u-boot device tree implementation lacks a check for the off_dt_struct field in the device tree.

In file scripts\dtc\libfdt\libfdt_internal.h, fdt_offset_ptr_ returns the dt struct address. It calculates the address by adding the header address, fdt offset, and a specified offset. However, the fdt offset is read from the device tree and lacks a proper check. The returned pointer can even point to any address, leading to arbitrary read or write. Could you please confirm it is a vulnerability?

Best regards,
Jianqiang
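As an added example (not code from U-Boot or libfdt), a hypothetical checked_struct_ptr that validates off_dt_struct and size_dt_struct against totalsize and the blob actually held before forming header + off_dt_struct + offset; the header layout follows the FDT format, and make_blob builds a constructed 64-byte blob for testing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal flattened device tree header; every field is stored big-endian. */
struct fdt_header {
    uint32_t magic, totalsize, off_dt_struct, off_dt_strings, off_mem_rsvmap,
             version, last_comp_version, boot_cpuid_phys,
             size_dt_strings, size_dt_struct;
};

static uint32_t rd_be32(const uint32_t *f) {
    const uint8_t *p = (const uint8_t *)f;
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void wr_be32(uint32_t *f, uint32_t v) {
    uint8_t *p = (uint8_t *)f;
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Hypothetical checked variant: the pointer blob + off_dt_struct + offset is
 * returned only if the struct block lies inside the blob we actually hold and
 * the requested [offset, offset+len) range lies inside that block. */
const void *checked_struct_ptr(const void *blob, size_t blob_len,
                               uint32_t offset, uint32_t len) {
    const struct fdt_header *h = blob;
    if (blob_len < sizeof *h) return NULL;
    uint32_t total = rd_be32(&h->totalsize);
    uint32_t off   = rd_be32(&h->off_dt_struct);
    uint32_t size  = rd_be32(&h->size_dt_struct);
    if (total > blob_len) return NULL;                     /* header overstates the blob */
    if (off > total || size > total - off) return NULL;   /* untrusted off_dt_struct */
    if (offset > size || len > size - offset) return NULL; /* request past the block */
    return (const char *)blob + off + offset;
}

/* Constructed 64-byte blob: valid header, 16-byte struct block at `off`. */
#define BLOB_LEN 64
const uint8_t *make_blob(uint32_t off) {
    static uint32_t words[BLOB_LEN / 4];          /* word array keeps the header aligned */
    struct fdt_header *h = (struct fdt_header *)words;
    memset(words, 0, sizeof words);
    wr_be32(&h->magic, 0xd00dfeed);
    wr_be32(&h->totalsize, BLOB_LEN);
    wr_be32(&h->off_dt_struct, off);
    wr_be32(&h->size_dt_struct, 16);
    return (const uint8_t *)words;
}
```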