Virtualization
/
dtc
mirror of https://gitlab.com/qemu-project/dtc.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix uninitialized access bug in utilfdt_decode_type 

I just found this little bug with valgrind.  strchr() will return true
if the given character is '\0'.  This meant that utilfdt_decode_type()
could take a path which accesses uninitialized data when given the
(invalid) format string "L".

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
David Gibson 2012-02-03 17:06:12 +11:00 committed by Jon Loeliger
parent 0b3b46e019
commit e280442e08
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
util.c
View File

@ -296,6 +296,9 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
{
int qualifier = 0;
if (!*fmt)
return -1;
/* get the conversion qualifier */
*size = -1;
if (strchr("hlLb", *fmt)) {
@ -311,7 +314,7 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
}
/* we should now have a type */
if (!strchr("iuxs", *fmt))
if ((*fmt == '\0') || !strchr("iuxs", *fmt))
return -1;
/* convert qualifier (bhL) to byte size */