If noffset is negative, do not pass it to fit_get_name() and then further to libfdt, this will crash sandbox with SIGSEGV because libfdt can not handle negative node offsets without full tree check, which U-Boot inhibits to keep size lower.
Instead, always check noffset before use, and if the return value indicates failure, exit right away. Signed-off-by: Marek Vasut <[email protected]> --- Cc: Heinrich Schuchardt <[email protected]> Cc: Quentin Schulz <[email protected]> Cc: Simon Glass <[email protected]> Cc: Tom Rini <[email protected]> Cc: Wolfgang Wallner <[email protected]> Cc: [email protected] --- boot/image-fit.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/boot/image-fit.c b/boot/image-fit.c index cccaa48f683..35595f15ac3 100644 --- a/boot/image-fit.c +++ b/boot/image-fit.c @@ -2137,7 +2137,6 @@ int fit_image_load(struct bootm_headers *images, ulong addr, noffset = fit_conf_get_prop_node(fit, cfg_noffset, prop_name, image_ph_phase(ph_type)); - fit_uname = fit_get_name(fit, noffset, NULL); } if (noffset < 0) { printf("Could not find subimage node type '%s'\n", prop_name); @@ -2145,6 +2144,9 @@ int fit_image_load(struct bootm_headers *images, ulong addr, return -ENOENT; } + if (!fit_uname) + fit_uname = fit_get_name(fit, noffset, NULL); + printf(" Trying '%s' %s subimage\n", fit_uname, prop_name); ret = fit_image_select(fit, noffset, images->verify); -- 2.51.0
