lib: libfdt: fdt_region: avoid NULL pointer access

The function fdt_find_regions look in the exclude list for each property, even if the name is NULL. It could happen if the fit image is corrupted. On sandbox, it generates a segfault. To avoid this issue, if the name of a property is NULL, we report an error and avoid looking in the exclude list. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Philippe Reynes <philippe.reynes@softathome.com> 2020-07-02 19:31:29 +0200
committer: Simon Glass <sjg@chromium.org> 2020-07-25 14:46:57 -0600
commit: e8781dcc892d8169e60194ca4b51ecdd5710a88f (patch)
tree: 667c2f2898756693ec318c46b76b8a76da188f91 /common
parent: 7058dd071accc0bafe5c4024e30631fb56fd7126 (diff)
download: u-boot-e8781dcc892d8169e60194ca4b51ecdd5710a88f.tar.gz
u-boot-e8781dcc892d8169e60194ca4b51ecdd5710a88f.tar.bz2
u-boot-e8781dcc892d8169e60194ca4b51ecdd5710a88f.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/common/fdt_region.c b/common/fdt_region.c
index 667659054a..ff12c518e9 100644
--- a/common/fdt_region.c
+++ b/common/fdt_region.c
@@ -65,6 +65,8 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
 			stop_at = offset;
 			prop = fdt_get_property_by_offset(fdt, offset, NULL);
 			str = fdt_string(fdt, fdt32_to_cpu(prop->nameoff));
+			if (!str)
+				return -FDT_ERR_BADSTRUCTURE;
 			if (str_in_list(str, exc_prop, exc_prop_count))
 				include = 0;
 			break;
author	Philippe Reynes <philippe.reynes@softathome.com>	2020-07-02 19:31:29 +0200
committer	Simon Glass <sjg@chromium.org>	2020-07-25 14:46:57 -0600
commit	e8781dcc892d8169e60194ca4b51ecdd5710a88f (patch)
tree	667c2f2898756693ec318c46b76b8a76da188f91 /common
parent	7058dd071accc0bafe5c4024e30631fb56fd7126 (diff)
download	u-boot-e8781dcc892d8169e60194ca4b51ecdd5710a88f.tar.gz u-boot-e8781dcc892d8169e60194ca4b51ecdd5710a88f.tar.bz2 u-boot-e8781dcc892d8169e60194ca4b51ecdd5710a88f.zip