libfdt is never supposed to access memory outside the the blob, or outside
the sub-blocks within it, even if the blob is badly corrupted.
We can leverage valgrind's client requests to do better testing of this.
This adds a vg_prepare_blob() function which marks just the valid parts of
an fdt blob as properly initialized, explicitly marking the rest as
uninitialized. This means valgrind should catch any bad accesses.
We add a call to vg_prepare_blob() to load_blob() so that lots of the
existing testcases will benefit from the extra checking.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
In a number of places, dtc and associated tools and test code use
leading _ characters on identifiers to flag them as "internal", an
idiom taken from the Linux kernel. This is a bad idea in a userspace
program, because identifiers with a leading _ are reserved for the C
library / system.
In some cases, the extra _ served no real purpose, so simply drop it. In
others move to the end of the identifier, which is a convention we're free
to use for our own purposes.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
tests will need fdt type definitions provided in a subsequent patch
to libfdt_env.h. Since libfdt.h includes libfdt_env.h in the right
order anyway, just remove the fdt.h include.
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
This patch turns on optimisation in the Makefile by default. With the
optimizer on, some uninitialized variable warnings (one real, two
bogus) are now generated. This patch also squashes those again.
As a read-only functions, which take a const pointer to the fdt, treat
fdt_get_property() and fdt_getprop() as returning const pointers to
within the blob. fdt_get_property_w() and fdt_getprop_w() versions
are supplied which take a non-const fdt pointer and return a non-const
pointer for the benefit of callers wishing to alter the device tree
contents.
Likewise the lower-level fdt_offset_ptr() and _fdt_offset_ptr()
functions are changed to return const pointers, with *_w() versions
supplied.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
At present fdt.h #includes stdint.h. This makes some sense, because fdt.h
uses the standard fixed-width integer types. However, this can make life
difficult when building in different environments which may not have a
stdint.h. Therefore, this patch removes the #include from fdt.h, instead
requiring that users of fdt.h define the fixed-width integer types before
including fdt.h, either by themselves including stdint.h, or by any other
means.
At present, libfdt functions returning a structure offset return a
zero-or-positive offset on success, and return a negative error code
on failure. Functions which only return an error code return a
positive version of the error code, or 0 on success.
This patch improves consistency by always returning negative error
codes on failure, for both types of function. With this change, we do
away with the special fdt_offset_error() macro for checking whether a
returned offset value is an error and extracting the encoded error
value within. Instead an explicit (ret_value < 0) is now the
preferred way of checking return values for both offset-returning and
error-code-returning functions.
The fdt_strerror() function in the test code is updated
correspondingly to make more sense with the new conventions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This patch abolishes the non-standard and confusing encoding of errors
into pointer return values. The only functions still returning such a
potentially encoded pointer are fdt_get_property() and fdt_getprop().
Those functions also return a length via an (int *). With this patch
those functions instead now return NULL on any error, and return the
code indicating the type of error in the length paramater.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The libfdt functions are supposed to behave tolerably well when practical,
even if given a corrupted device tree as input. A silly mistake in
fdt_get_property() means we're bounds checking against the size of a pointer
instead of the size of a property header, meaning we can get bogus
behaviour in a corrupted device tree where the structure block ends in
what's supposed to be the middle of a property.
This patch corrects the problem (fdt_get_property() will now return
BADSTRUCTURE in this case), and also adds a testcase to catch the bug.