diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2017-11-14 22:45:56 +1100 |
|---|---|---|
| committer | David Gibson <david@gibson.dropbear.id.au> | 2018-06-07 11:48:20 +1000 |
| commit | 70166d62a27f39b15f931b7bf3ffbaa1478fadcf (patch) | |
| tree | 02e2873c95dfdbc946926cc45d57bd7502ef8598 /tests/testdata.h | |
| parent | eb890c0f77dcd98bb3f24755d50dfbe5eba11340 (diff) | |
| download | dtc-70166d62a27f39b15f931b7bf3ffbaa1478fadcf.zip dtc-70166d62a27f39b15f931b7bf3ffbaa1478fadcf.tar.gz dtc-70166d62a27f39b15f931b7bf3ffbaa1478fadcf.tar.bz2 | |
libfdt: Safer access to strings section
fdt_string() is used to retrieve strings from a DT blob's strings section.
It's rarely used directly, but is widely used internally.
However, it doesn't do any bounds checking, which means in the case of a
corrupted blob it could access bad memory, which libfdt is supposed to
avoid.
This write a safe alternative to fdt_string, fdt_get_string(). It checks
both that the given offset is within the string section and that the string
it points to is properly \0 terminated within the section. It also returns
the string's length as a convenience (since it needs to determine to do the
checks anyway).
fdt_string() is rewritten in terms of fdt_get_string() for compatibility.
Most of the diff here is actually testing infrastructure.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Diffstat (limited to 'tests/testdata.h')
| -rw-r--r-- | tests/testdata.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/testdata.h b/tests/testdata.h index c30f0c8..b257011 100644 --- a/tests/testdata.h +++ b/tests/testdata.h @@ -47,4 +47,5 @@ extern struct fdt_header bad_node_char; extern struct fdt_header bad_node_format; extern struct fdt_header bad_prop_char; extern struct fdt_header ovf_size_strings; +extern struct fdt_header truncated_string; #endif /* ! __ASSEMBLY */ |