On 11/14/25 12:34 AM, Simon Glass wrote:

Hello Simon,

diff --git a/scripts/dtc/libfdt/fdt.c b/scripts/dtc/libfdt/fdt.c
index 95f644c31f9..d16cc3d4730 100644
--- a/scripts/dtc/libfdt/fdt.c
+++ b/scripts/dtc/libfdt/fdt.c
@@ -168,7 +168,7 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int 
*nextoffset)

          *nextoffset = -FDT_ERR_TRUNCATED;
          tagp = fdt_offset_ptr(fdt, offset, FDT_TAGSIZE);
-       if (!can_assume(VALID_DTB) && !tagp)
+       if (!tagp)
                  return FDT_END; /* premature end */
          tag = fdt32_to_cpu(*tagp);
          offset += FDT_TAGSIZE;
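Review bot: dropping `!can_assume(VALID_DTB)` from the `!tagp` check makes a check that the build-time assumption mask can compile out unconditional, which forfeits the code-size saving the assumption exists for and hides the real defect: when the VALID_DTB assumption is enabled, a NULL from fdt_offset_ptr() at `tagp = fdt_offset_ptr(fdt, offset, FDT_TAGSIZE);` means a caller handed in an offset outside the struct block, not that libfdt lacks a check. Either keep the guard and fix the caller that produces the bad offset, or, if the check really must be unconditional, state the reason in the commit message so the departure from libfdt's assumption model is documented.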
@@ -186,7 +186,7 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int 
*nextoffset)

          case FDT_PROP:
                  lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp));
-               if (!can_assume(VALID_DTB) && !lenp)
+               if (!lenp)
                          return FDT_END; /* premature end */

                  len = fdt32_to_cpu(*lenp);
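Review bot: the same concern applies to the `!lenp` check in the FDT_PROP case, and note that a NULL check on the 4-byte length word only guards the first dereference; the `len` value read from it on the next line is still untrusted, so unless the code that follows this hunk bounds-checks `len` against the blob, making this check unconditional does not by itself make a truncated or corrupt property safe to walk. If the guard is kept as in the original, the assumption stays consistent across both hunks; if it is removed, the commit message should say which caller or blob condition motivated it.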
--
2.51.0


The can_assume() is there to be respected and helps to reduce code
size. What problem are you actually seeing?
fdt_offset_ptr() can return NULL, and it does in test_spl on sandbox if
I recall it right, because the U-Boot code passes in offsets which can
not be resolved properly and that makes fdt_offset_ptr() return NULL and
trigger SIGSEGV when it is dereferenced here.

That sounds like the FDT is corrupt? Here we are parsing through tags,
so we should really figure out why it is corrupt.

But if not, then we should not be passing bad offsets...so what is
the root cause of that?
These four [1] [2] [3] [4] supersede this patch.

[1] https://lore.kernel.org/u-boot/[email protected]/
[2] https://lore.kernel.org/u-boot/[email protected]/
[3] https://lore.kernel.org/u-boot/[email protected]/
[4] https://lore.kernel.org/u-boot/[email protected]/
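The failure mode argued over above (fdt_offset_ptr() returning NULL for an offset that does not resolve, and the tag walker dereferencing it) as an added, stand-alone C example; this is not libfdt or U-Boot code. It models only the struct block, reuses libfdt's tag values and FDT_ERR_* numbering, and replaces can_assume(VALID_DTB) with a hypothetical ASSUME_VALID_DTB macro so the effect of compiling the guards out can be seen: built as-is the bad-offset and truncated cases return FDT_END with a negative nextoffset, built with -DASSUME_VALID_DTB=1 the same inputs dereference NULL. The sample block is constructed, not taken from any real DTB.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for libfdt's can_assume(VALID_DTB): build with
 * -DASSUME_VALID_DTB=1 to compile the NULL checks out, which is the
 * configuration in which a bad offset dereferences NULL and crashes. */
#ifndef ASSUME_VALID_DTB
#define ASSUME_VALID_DTB 0
#endif
#define can_assume_valid_dtb() (ASSUME_VALID_DTB)

#define FDT_BEGIN_NODE 0x1
#define FDT_END_NODE   0x2
#define FDT_PROP       0x3
#define FDT_NOP        0x4
#define FDT_END        0x9
#define FDT_TAGSIZE    4
#define FDT_ERR_TRUNCATED    8    /* libfdt's numbering */
#define FDT_ERR_BADSTRUCTURE 11

static uint32_t be32(const uint8_t *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

/* Like fdt_offset_ptr(), but over a bare struct block of blksize bytes:
 * NULL unless [offset, offset + len) lies entirely inside the block. */
static const uint8_t *blk_offset_ptr(const uint8_t *blk, size_t blksize,
                                     int offset, unsigned int len)
{
    if (offset < 0 || (size_t)offset > blksize || len > blksize - (size_t)offset)
        return NULL;
    return blk + offset;
}

/* Same shape as fdt_next_tag(): returns the tag at startoffset and stores the
 * next tag's offset, or a negative FDT_ERR_* value, in *nextoffset. */
static uint32_t blk_next_tag(const uint8_t *blk, size_t blksize,
                             int startoffset, int *nextoffset)
{
    const uint8_t *p;
    uint32_t tag, len, sum;
    int offset = startoffset;

    *nextoffset = -FDT_ERR_TRUNCATED;
    p = blk_offset_ptr(blk, blksize, offset, FDT_TAGSIZE);
    if (!can_assume_valid_dtb() && !p)
        return FDT_END;                 /* premature end */
    tag = be32(p);                      /* NULL deref here if checks are out */
    offset += FDT_TAGSIZE;

    *nextoffset = -FDT_ERR_BADSTRUCTURE;
    switch (tag) {
    case FDT_BEGIN_NODE:                /* skip the NUL-terminated name */
        do {
            p = blk_offset_ptr(blk, blksize, offset++, 1);
        } while (p && *p != '\0');
        if (!can_assume_valid_dtb() && !p)
            return FDT_END;
        break;
    case FDT_PROP:
        p = blk_offset_ptr(blk, blksize, offset, 4);
        if (!can_assume_valid_dtb() && !p)
            return FDT_END;
        len = be32(p);
        sum = len + (uint32_t)offset;
        if (!can_assume_valid_dtb() &&
            (sum >= (uint32_t)INT_MAX - 8 || sum < (uint32_t)offset))
            return FDT_END;             /* len would overflow offset */
        offset += 8 + (int)len;         /* len word, nameoff word, value */
        break;
    case FDT_END:
    case FDT_END_NODE:
    case FDT_NOP:
        break;
    default:
        return FDT_END;                 /* unknown tag: bad structure */
    }
    /* header and value of the whole tag must lie inside the block */
    if (!blk_offset_ptr(blk, blksize, startoffset, (unsigned int)(offset - startoffset)))
        return FDT_END;
    *nextoffset = (offset + FDT_TAGSIZE - 1) & ~(FDT_TAGSIZE - 1);
    return tag;
}

/* Walk from offset 0; returns the tag count before FDT_END, or a negative
 * FDT_ERR_* value if the walk hit a truncated or malformed block. */
static int walk_tags(const uint8_t *blk, size_t blksize)
{
    int off = 0, next, count = 0;
    for (;;) {
        if (blk_next_tag(blk, blksize, off, &next) == FDT_END)
            return next < 0 ? next : count;
        count++;
        off = next;
    }
}

/* What *nextoffset becomes for a caller-supplied (possibly bad) offset. */
static int next_after(const uint8_t *blk, size_t blksize, int off)
{
    int next;
    blk_next_tag(blk, blksize, off, &next);
    return next;
}

/* Constructed sample: root node, one 4-byte property, END_NODE, END. */
static const uint8_t sample_block[32] = {
    0, 0, 0, 1, 0, 0, 0, 0,             /* BEGIN_NODE, name "" padded */
    0, 0, 0, 3, 0, 0, 0, 4, 0, 0, 0, 0, /* PROP, len 4, nameoff 0 */
    0xde, 0xad, 0xbe, 0xef,             /* property value */
    0, 0, 0, 2,                         /* END_NODE */
    0, 0, 0, 9,                         /* END */
};

int main(void)
{
    printf("full block: %d tags\n", walk_tags(sample_block, sizeof sample_block));
    printf("cut at 20 bytes: %d\n", walk_tags(sample_block, 20));
    printf("offset 1000: nextoffset %d\n", next_after(sample_block, sizeof sample_block, 1000));
    return 0;
}
```

The two error codes separate the cases the thread is arguing about: a caller-supplied offset that lies outside the block (or a blob cut in the middle of a tag word) comes back as -FDT_ERR_TRUNCATED, while a blob whose tag word is readable but whose property does not fit, or whose tag value is not a known tag, comes back as -FDT_ERR_BADSTRUCTURE. A caller that only tests for FDT_END and never looks at nextoffset cannot tell a clean end of the block from either failure.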
