On Wed, Jun 18, 2025 at 02:38:36PM +0800, Osaka Osaka wrote:
> Hi U-Boot maintainers,
>
> I would like to report a potential issue in bootm.c regarding FDT/OS image
> overlap checking.
>
> In current mainline code:
>
> https://github.com/u-boot/u-boot/blob/master/boot/bootm.c#L448
>
> We have the following logic:
>
>     if (check_overlap("FDT", map_to_sysmem(images->ft_addr),
>                       images->ft_len, start, size))
>             return 1;
>
> However, `check_overlap()` expects the second and third parameters to be a
> memory **range**: [start, end). Here, `images->ft_len` is being passed
> directly as the `end` address, but in reality it is the **length**, not the
> end.
>
> This is misleading and could potentially cause overlap checks to pass
> incorrectly, especially if `map_to_sysmem(images->ft_addr)` is non-zero.
>
> To fix it, we should properly compute the end address:
>
> ```c
> ulong fdt_start = map_to_sysmem(images->ft_addr);
> ulong fdt_end = fdt_start + images->ft_len;
>
> if (check_overlap("FDT", fdt_start, fdt_end, start, start + size))
>         return 1;
>
>
> if (check_overlap("FDT",
>                   map_to_sysmem(images->ft_addr),
>                   map_to_sysmem(images->ft_addr) + images->ft_len,
>                   start, start + size))
>         return 1;
> ```
>
> Let me know if I should send a proper patch for this.

Thanks for the report, yes, please do.

-- 
Tom
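
The failure mode described in the report, as an added example that is not part of the thread and is not U-Boot's code: a half-open range check given a length where it expects an end address misses a real overlap. The helper names and addresses below are hypothetical and constructed, and the wrap-around check on `start + len` goes beyond what the thread discusses.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not U-Boot's check_overlap): true when the
 * half-open ranges [a_start, a_end) and [b_start, b_end) intersect. */
static bool ranges_overlap(unsigned long a_start, unsigned long a_end,
                           unsigned long b_start, unsigned long b_end)
{
    return a_start < b_end && b_start < a_end;
}

/* Convert (start, len) into an exclusive end; fail if it would wrap. */
static bool range_end(unsigned long start, unsigned long len,
                      unsigned long *end)
{
    if (len > ULONG_MAX - start)
        return false;
    *end = start + len;
    return true;
}

/* Call shape from the report: the FDT length is passed as the FDT end. */
static bool overlap_len_as_end(unsigned long fdt, unsigned long fdt_len,
                               unsigned long os_start, unsigned long os_end)
{
    return ranges_overlap(fdt, fdt_len, os_start, os_end);
}

/* Corrected shape: 1 = overlap, 0 = disjoint, -1 = range wraps. */
static int overlap_checked(unsigned long fdt, unsigned long fdt_len,
                           unsigned long os_start, unsigned long os_size)
{
    unsigned long fdt_end, os_end;

    if (!range_end(fdt, fdt_len, &fdt_end) ||
        !range_end(os_start, os_size, &os_end))
        return -1;
    return ranges_overlap(fdt, fdt_end, os_start, os_end) ? 1 : 0;
}

int main(void)
{
    /* Constructed layout: a 64 KiB FDT placed inside a 16 MiB OS image. */
    unsigned long os = 0x40000000UL, os_size = 0x01000000UL;
    unsigned long fdt = 0x40800000UL, fdt_len = 0x10000UL;

    printf("length as end: %d\n", overlap_len_as_end(fdt, fdt_len, os, os + os_size));
    printf("computed end:  %d\n", overlap_checked(fdt, fdt_len, os, os_size));
    return 0;
}
```

With the length in the end position the FDT range is empty (its "end" lies below its start), so the check reports no overlap for any non-zero FDT address.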