[PATCH 2/3] lib: fix __fdt_parse_region()

Xiang W wxjstz at 126.com
Wed Dec 7 09:01:03 PST 2022


On Wed, 2022-12-07 at 15:07 +0100, Heinrich Schuchardt wrote:
> If fdt_getprop() returns NULL, this indicates an error. In this case lenp
> is set to an error code. But even if lenp = 0 we should not continue.
> 
> If fdt_getprop() returns a wider value than we expect this is a separate
> error condition.
> 
> In both cases the device-tree is invalid.
> 
> Addresses-Coverity-ID: 1529703 ("Dereference after null check")
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
>  lib/utils/fdt/fdt_domain.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/utils/fdt/fdt_domain.c b/lib/utils/fdt/fdt_domain.c
> index bd0eec3..6051025 100644
> --- a/lib/utils/fdt/fdt_domain.c
> +++ b/lib/utils/fdt/fdt_domain.c
> @@ -246,7 +246,7 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
>  
>         /* Read "base" DT property */
>         val = fdt_getprop(fdt, region_offset, "base", &len);
> -       if (!val && len >= 8)
> +       if (!val || len >= 8)
When len is less than 8, the complete val64 cannot be read, and it can
only be equal to 8 here, so it should be modified as follows:
          if (!val || len != 8)
>                 return SBI_EINVAL;
>         val64 = fdt32_to_cpu(val[0]);
>         val64 = (val64 << 32) | fdt32_to_cpu(val[1]);
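Review bot: In the "base" check, `len >= 8` on the added line returns SBI_EINVAL for a correctly sized 8-byte property and lets a shorter one through to the `val[1]` read that follows, which is the reverse of what a two-cell read needs. The code consumes exactly `val[0]` and `val[1]`, and the commit message treats a wider value as an error too, so the condition should be `if (!val || len != 8)`.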
> @@ -254,7 +254,7 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
>  
>         /* Read "order" DT property */
>         val = fdt_getprop(fdt, region_offset, "order", &len);
> -       if (!val && len >= 4)
> +       if (!val || len >= 4)
When len is less than 4, the complete val32 cannot be read, and it can
only be equal to 4 here, so it should be modified as follows:
           if (!val || len != 4)
>                 return SBI_EINVAL;
>         val32 = fdt32_to_cpu(*val);
>         if (val32 < 3 || __riscv_xlen < val32)
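Review bot: The "order" check has the same inverted comparison: `len >= 4` rejects a well-formed single-cell property, while a property shorter than 4 bytes still reaches `fdt32_to_cpu(*val)`, so the `val32 < 3 || __riscv_xlen < val32` range test would then run on bytes that are not part of the property. Use `if (!val || len != 4)` so that only an exactly one-cell value is decoded.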
> -- 
> 2.37.2
> 
> 
Regards,
Xiang W



