We have a couple of checks of the form:
if (offset+size > totalsize)
die();
We need to check that offset+size doesn't overflow, otherwise the check
will pass, and we may access past totalsize.
Found with AFL.
Signed-off-by: Anton Blanchard <anton@samba.org>
[Added a testcase]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
tests will need fdt type definitions provided in a subsequent patch
to libfdt_env.h. Since libfdt.h includes libfdt_env.h in the right
order anyway, just remove the fdt.h include.
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
This patch adds checks to the checking framework to verify that node
and property names contain only legal characters, and in the case of
node names there is at most one '@'.
At present when coming from dts input, this is mostly already ensured
by the grammer, however putting the check later means its easier to
generate helpful error messages rather than just "syntax error". For
dtb input, these checks replace the older similar check built into
flattree.c.
Testcases for the checks are also implemented.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
When I released libfdt, I forgot to add a copyright notice to
dumptrees.c (probably because the program is so trivial). Apparently
the lack causes trouble for Debian, so this patch adds one. I've gone
through the git history and double checked that no-one has touched
this file except me (and I barely have myself since its initial
commit).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
At present fdt.h #includes stdint.h. This makes some sense, because fdt.h
uses the standard fixed-width integer types. However, this can make life
difficult when building in different environments which may not have a
stdint.h. Therefore, this patch removes the #include from fdt.h, instead
requiring that users of fdt.h define the fixed-width integer types before
including fdt.h, either by themselves including stdint.h, or by any other
means.
At present, the blob containing a device tree is passed to the various
fdt_*() functions as a (struct fdt_header *) i.e. a pointer to the
header structure at the beginning of the blob.
This patch changes all the functions so that they instead take a (void
*) pointing to the blob. Under some circumstances can avoid the need
for the caller to cast a blob pointer into a (struct fdt_header *)
before passing it to the fdt_*() functions.
Using a (void *) also reduce the temptation for users of the library
to directly dereference toe (struct fdt_header *) to access header
fields. Instead they must use the fdt_get_header() or
fdt_set_header() macros, or the fdt_magic(), fdt_totalsize()
etc. wrappers around them which are safer, since they will always
handle endian conversion.
With this change, the whole-tree moving, or manipulating functions:
fdt_move(), fdt_open_into() and fdt_pack() no longer need to return a
pointer to the "new" tree. The given (void *) buffer pointer they
take can instead be used directly by the caller as the new tree.
Those functions are thus changed to instead return an error code
(which in turn reduces the number of functions using the ugly encoding
of error values into pointers).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This patch adds exported accessor macros for the various flat device
tree header fields to libfdt.h. This necessitates moving some of the
byte-swapping functions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Anton Blanchard