Catch unsigned 32bit overflow when parsing flattened device tree offsets

We have a couple of checks of the form: if (offset+size > totalsize) die(); We need to check that offset+size doesn't overflow, otherwise the check will pass, and we may access past totalsize. Found with AFL. Signed-off-by: Anton Blanchard <anton@samba.org> [Added a testcase] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
author: Anton Blanchard <anton@samba.org> 2016-01-03 08:43:35 +1100
committer: David Gibson <david@gibson.dropbear.id.au> 2016-02-19 01:08:46 +1100
commit: 2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb (patch)
tree: 1c498c162608ead00ad8e841967b426df45293b4 /tests/testdata.h
parent: b06e55c88b9b922ff7e25cd62a4709b65524f0fc (diff)
download: dtc-2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb.zip
dtc-2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb.tar.gz
dtc-2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/testdata.h b/tests/testdata.h
index ce715e4..576974d 100644
--- a/tests/testdata.h
+++ b/tests/testdata.h
@@ -33,4 +33,5 @@ extern struct fdt_header _truncated_property;
 extern struct fdt_header _bad_node_char;
 extern struct fdt_header _bad_node_format;
 extern struct fdt_header _bad_prop_char;
+extern struct fdt_header _ovf_size_strings;
 #endif /* ! __ASSEMBLY */
author	Anton Blanchard <anton@samba.org>	2016-01-03 08:43:35 +1100
committer	David Gibson <david@gibson.dropbear.id.au>	2016-02-19 01:08:46 +1100
commit	2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb (patch)
tree	1c498c162608ead00ad8e841967b426df45293b4 /tests/testdata.h
parent	b06e55c88b9b922ff7e25cd62a4709b65524f0fc (diff)
download	dtc-2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb.zip dtc-2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb.tar.gz dtc-2e53f9d2f0a8faab6cec0d78958d52c155f6c6eb.tar.bz2