lib: libfdt: fdt_region: avoid NULL pointer access

The function fdt_find_regions look in the exclude list for each property, even if the name is NULL. It could happen if the fit image is corrupted. On sandbox, it generates a segfault. To avoid this issue, if the name of a property is NULL, we report an error and avoid looking in the exclude list. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Philippe Reynes <philippe.reynes@softathome.com> 2020-07-02 19:31:29 +0200
committer: Simon Glass <sjg@chromium.org> 2020-07-20 11:37:47 -0600
commit: 2a3be302d5dd221ea64b85a700746b322e30f064 (patch)
tree: de991ce684d35059493ae9ca5f20a94c5f1695c4 /common
parent: df1fa4b2239aaf2e4a7b72ff1e81cfa53af8b08e (diff)
download: u-boot-2a3be302d5dd221ea64b85a700746b322e30f064.tar.gz
u-boot-2a3be302d5dd221ea64b85a700746b322e30f064.tar.bz2
u-boot-2a3be302d5dd221ea64b85a700746b322e30f064.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/common/fdt_region.c b/common/fdt_region.c
index 667659054a..ff12c518e9 100644
--- a/common/fdt_region.c
+++ b/common/fdt_region.c
@@ -65,6 +65,8 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
 			stop_at = offset;
 			prop = fdt_get_property_by_offset(fdt, offset, NULL);
 			str = fdt_string(fdt, fdt32_to_cpu(prop->nameoff));
+			if (!str)
+				return -FDT_ERR_BADSTRUCTURE;
 			if (str_in_list(str, exc_prop, exc_prop_count))
 				include = 0;
 			break;
author	Philippe Reynes <philippe.reynes@softathome.com>	2020-07-02 19:31:29 +0200
committer	Simon Glass <sjg@chromium.org>	2020-07-20 11:37:47 -0600
commit	2a3be302d5dd221ea64b85a700746b322e30f064 (patch)
tree	de991ce684d35059493ae9ca5f20a94c5f1695c4 /common
parent	df1fa4b2239aaf2e4a7b72ff1e81cfa53af8b08e (diff)
download	u-boot-2a3be302d5dd221ea64b85a700746b322e30f064.tar.gz u-boot-2a3be302d5dd221ea64b85a700746b322e30f064.tar.bz2 u-boot-2a3be302d5dd221ea64b85a700746b322e30f064.zip