From: Dan Carpenter Date: Wed, 26 Jul 2023 06:59:52 +0000 (+0300) Subject: fdt: off by one in ofnode_lookup_fdt() X-Git-Tag: v2025.01-rc5-pxa1908~847^2~40^2~11 X-Git-Url: http://git.dujemihanovic.xyz/img/static/%7B%7B?a=commitdiff_plain;h=d7a92e9cb22497562b1632aebc0d625b17bbfd51;p=u-boot.git fdt: off by one in ofnode_lookup_fdt() The "oftree_count" is the number of entries which have been set in the oftree_list[] array. If all the entries have been initialized then this off by one would result in reading one element beyond the end of the array. Signed-off-by: Dan Carpenter Reviewed-by: Simon Glass --- diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c index 8df16e56af..a4dc9bde08 100644 --- a/drivers/core/ofnode.c +++ b/drivers/core/ofnode.c @@ -103,7 +103,7 @@ void *ofnode_lookup_fdt(ofnode node) if (gd->flags & GD_FLG_RELOC) { uint i = OFTREE_TREE_ID(node.of_offset); - if (i > oftree_count) { + if (i >= oftree_count) { log_debug("Invalid tree ID %x\n", i); return NULL; }