Browse Source

libfdt: Fix bugs in fdt_get_path()

The current implementation of fdt_get_path() has a couple of bugs,
fixed by this patch.

First, contrary to its documentation, on success it returns the length
of the node's path, rather than 0.  The testcase is correspondingly
wrong, and the patch fixes this as well.

Second, in some circumstances, it will return -FDT_ERR_BADOFFSET
instead of -FDT_ERR_NOSPACE when given insufficient buffer space.
Specifically this happens when there is insufficient space even to
hold the path's second last component.  This behaviour is corrected,
and the testcase updated to check it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
main
David Gibson 17 years ago committed by Jon Loeliger
parent
commit
8daae14b74
  1. 23
      libfdt/fdt_ro.c
  2. 10
      tests/get_path.c

23
libfdt/fdt_ro.c

@ -316,9 +316,6 @@ int fdt_get_path(const void *fdt, int nodeoffset, char *buf, int buflen)
for (offset = 0, depth = 0; for (offset = 0, depth = 0;
(offset >= 0) && (offset <= nodeoffset); (offset >= 0) && (offset <= nodeoffset);
offset = fdt_next_node(fdt, offset, &depth)) { offset = fdt_next_node(fdt, offset, &depth)) {
if (pdepth < depth)
continue; /* overflowed buffer */

while (pdepth > depth) { while (pdepth > depth) {
do { do {
p--; p--;
@ -326,14 +323,16 @@ int fdt_get_path(const void *fdt, int nodeoffset, char *buf, int buflen)
pdepth--; pdepth--;
} }


name = fdt_get_name(fdt, offset, &namelen); if (pdepth >= depth) {
if (!name) name = fdt_get_name(fdt, offset, &namelen);
return namelen; if (!name)
if ((p + namelen + 1) <= buflen) { return namelen;
memcpy(buf + p, name, namelen); if ((p + namelen + 1) <= buflen) {
p += namelen; memcpy(buf + p, name, namelen);
buf[p++] = '/'; p += namelen;
pdepth++; buf[p++] = '/';
pdepth++;
}
} }


if (offset == nodeoffset) { if (offset == nodeoffset) {
@ -343,7 +342,7 @@ int fdt_get_path(const void *fdt, int nodeoffset, char *buf, int buflen)
if (p > 1) /* special case so that root path is "/", not "" */ if (p > 1) /* special case so that root path is "/", not "" */
p--; p--;
buf[p] = '\0'; buf[p] = '\0';
return p; return 0;
} }
} }



10
tests/get_path.c

@ -43,6 +43,8 @@ static void check_path_buf(void *fdt, const char *path, int pathlen, int buflen)
memset(buf, POISON, sizeof(buf)); /* poison the buffer */ memset(buf, POISON, sizeof(buf)); /* poison the buffer */


len = fdt_get_path(fdt, offset, buf, buflen); len = fdt_get_path(fdt, offset, buf, buflen);
verbose_printf("get_path() %s -> %d -> %s\n", path, offset, buf);

if (buflen <= pathlen) { if (buflen <= pathlen) {
if (len != -FDT_ERR_NOSPACE) if (len != -FDT_ERR_NOSPACE)
FAIL("fdt_get_path([%d bytes]) returns %d with " FAIL("fdt_get_path([%d bytes]) returns %d with "
@ -51,9 +53,9 @@ static void check_path_buf(void *fdt, const char *path, int pathlen, int buflen)
if (len < 0) if (len < 0)
FAIL("fdt_get_path([%d bytes]): %s", buflen, FAIL("fdt_get_path([%d bytes]): %s", buflen,
fdt_strerror(len)); fdt_strerror(len));
if (len != pathlen) if (len != 0)
FAIL("fdt_get_path([%d bytes]) reports length %d " FAIL("fdt_get_path([%d bytes]) returns %d "
"instead of %d", buflen, len, pathlen); "instead of 0", buflen, len);
if (strcmp(buf, path) != 0) if (strcmp(buf, path) != 0)
FAIL("fdt_get_path([%d bytes]) returns \"%s\" " FAIL("fdt_get_path([%d bytes]) returns \"%s\" "
"instead of \"%s\"", buflen, buf, path); "instead of \"%s\"", buflen, buf, path);
@ -70,6 +72,8 @@ static void check_path(void *fdt, const char *path)
check_path_buf(fdt, path, pathlen, 1024); check_path_buf(fdt, path, pathlen, 1024);
check_path_buf(fdt, path, pathlen, pathlen+1); check_path_buf(fdt, path, pathlen, pathlen+1);
check_path_buf(fdt, path, pathlen, pathlen); check_path_buf(fdt, path, pathlen, pathlen);
check_path_buf(fdt, path, pathlen, 0);
check_path_buf(fdt, path, pathlen, 2);
} }


int main(int argc, char *argv[]) int main(int argc, char *argv[])

Loading…
Cancel
Save