[PATCH v4] of: fdt: fix possible overflow during parsing of fdt
Sascha Hauer
s.hauer at pengutronix.de
Mon Nov 25 02:23:43 PST 2024
On Thu, 14 Nov 2024 17:51:14 +0200, Abdelrahman Youssef wrote:
> While fuzzing, the name marked by FDT_BEGIN_NODE sometimes extends beyond
> the struct block area, causing a heap-overflow.
>
> Since `maxlen` is an unsigned integer representing the length of name,
> it can be negative, so it overflows to large numbers, causing strnlen()
> to overflow.
>
> [...]
Applied, thanks!
[1/1] of: fdt: fix possible overflow during parsing of fdt
https://git.pengutronix.de/cgit/barebox/commit/?id=7a3cb7e6fd63 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer at pengutronix.de>
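
The failure mode described in the quoted commit message, as an added example that is not part of this mail and is not the applied barebox patch (the patch itself is elided above). It assumes `maxlen` is derived as the bytes remaining in the struct block after the name's start offset; `unchecked_maxlen`, `checked_name_len` and the sample blocks are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample struct blocks: FDT_BEGIN_NODE token (0x00000001,
 * big-endian) followed by the node name. */
static const uint8_t blk_ok[]    = { 0, 0, 0, 1, 'c', 'p', 'u', 's', 0, 0, 0, 0 };
static const uint8_t blk_trunc[] = { 0, 0, 0, 1, 'c', 'p', 'u', 's' }; /* no NUL */

/* The unchecked subtraction: wraps to a huge size_t when name_off > size,
 * which is the limit a bounded string scan would then trust. */
static size_t unchecked_maxlen(size_t size, size_t name_off)
{
    return size - name_off;
}

/* Hypothetical helper (not barebox code): length of the name at name_off,
 * or -1 if it is not NUL-terminated inside the size-byte struct block. */
static long checked_name_len(const uint8_t *blk, size_t size, size_t name_off)
{
    const uint8_t *name, *nul;
    size_t maxlen;

    if (name_off >= size)          /* compare first, subtract second */
        return -1;
    maxlen = size - name_off;      /* now known to be in 1..size */
    name = blk + name_off;

    /* Bounded scan, same role as strnlen(name, maxlen). */
    nul = memchr(name, 0, maxlen);
    if (!nul)                      /* name runs off the end of the block */
        return -1;
    return (long)(nul - name);
}

int main(void)
{
    return checked_name_len(blk_ok, sizeof(blk_ok), 4) == 4 ? 0 : 1;
}
```

A scan that returns exactly `maxlen` (or, here, finds no terminator) means the name is unterminated within the block and the blob should be rejected rather than parsed further.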