Fix uninitialized access bug in utilfdt_decode_type

I just found this little bug with valgrind. strchr() will return true if the given character is '\0'. This meant that utilfdt_decode_type() could take a path which accesses uninitialized data when given the (invalid) format string "L". Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
13 years ago · e280442e08
1 changed files with 4 additions and 1 deletions
--- a/util.c
+++ b/util.c
@ -296,6 +296,9 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
				@@ -296,6 +296,9 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
 {
 	int qualifier = 0;

+	if (!*fmt)
+		return -1;
+
 	/* get the conversion qualifier */
 	*size = -1;
 	if (strchr("hlLb", *fmt)) {
@ -311,7 +314,7 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
				@@ -311,7 +314,7 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
 	}

 	/* we should now have a type */
-	if (!strchr("iuxs", *fmt))
+	if ((*fmt == '\0') || !strchr("iuxs", *fmt))
 		return -1;

 	/* convert qualifier (bhL) to byte size */