From: Jon Nalley Date: Wed, 26 Feb 2014 16:32:21 +0000 (-0500) Subject: libfdt: Fix segfault when calling fit_check_format() on corrupt FIT images X-Git-Tag: v2025.01-rc5-pxa1908~15185 X-Git-Url: http://git.dujemihanovic.xyz/html/index.html?a=commitdiff_plain;h=af67b25250e5dd636a844d869bba8ce698422145;p=u-boot.git libfdt: Fix segfault when calling fit_check_format() on corrupt FIT images It has been observed that fit_check_format() will fail when passed a corrupt FIT image. This was tracked down to _fdt_string_eq(): return (strlen(p) == len) && (memcmp(p, s, len) == 0); In the case of a corrupt FIT image one can't depend on 'p' being NULL terminated. I changed it to use strnlen() to fix the issue. Signed-off-by: Tom Rini --- diff --git a/lib/libfdt/fdt_ro.c b/lib/libfdt/fdt_ro.c index f2154e8370..36af043525 100644 --- a/lib/libfdt/fdt_ro.c +++ b/lib/libfdt/fdt_ro.c @@ -44,7 +44,7 @@ static int _fdt_string_eq(const void *fdt, int stroffset, { const char *p = fdt_string(fdt, stroffset); - return (strlen(p) == len) && (memcmp(p, s, len) == 0); + return (strnlen(p, len + 1) == len) && (memcmp(p, s, len) == 0); } int fdt_get_mem_rsv(const void *fdt, int n, uint64_t *address, uint64_t *size)