[PATCH] riscv: pi: validate early bootargs before string use

[Pengpeng Hou]

get_early_cmdline() fetches bootargs directly from the FDT and
immediately passes the raw property pointer to strlen() before copying
it into the early command-line buffer. Flat DT properties are external
boot input, and this path does not prove that bootargs is
NUL-terminated within its declared bounds.

Use fdt_stringlist_get() so malformed unterminated bootargs are
rejected before any C-string helpers walk them.

Signed-off-by: Pengpeng Hou <pengpeng at iscas.ac.cn>
---
 arch/riscv/kernel/pi/cmdline_early.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cmdline_early.c
index 389d086a0718..ac55f1c7ca70 100644
--- a/arch/riscv/kernel/pi/cmdline_early.c
+++ b/arch/riscv/kernel/pi/cmdline_early.c
@@ -13,16 +13,17 @@ static char early_cmdline[COMMAND_LINE_SIZE];
 static char *get_early_cmdline(uintptr_t dtb_pa)
 {
 	const char *fdt_cmdline = NULL;
-	unsigned int fdt_cmdline_size = 0;
+	int fdt_cmdline_size = 0;
 	int chosen_node;
 
 	if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
 		chosen_node = fdt_path_offset((void *)dtb_pa, "/chosen");
 		if (chosen_node >= 0) {
-			fdt_cmdline = fdt_getprop((void *)dtb_pa, chosen_node,
-						  "bootargs", NULL);
-			if (fdt_cmdline) {
-				fdt_cmdline_size = strlen(fdt_cmdline);
+			fdt_cmdline = fdt_stringlist_get((void *)dtb_pa,
+							 chosen_node,
+							 "bootargs", 0,
+							 &fdt_cmdline_size);
+			if (fdt_cmdline && fdt_cmdline_size > 0) {
 				strscpy(early_cmdline, fdt_cmdline,
 					COMMAND_LINE_SIZE);
 			}
-- 
2.50.1 (Apple Git-155)