* [bug report] scripts/dtc: Update to upstream version v1.5.0-23-g87963ee20693
@ 2019-06-26 10:07 Dan Carpenter
From: Dan Carpenter @ 2019-06-26 10:07 UTC (permalink / raw)
  To: robh; +Cc: devicetree

Hello Rob Herring,

The patch 9bb9c6a110ea: "scripts/dtc: Update to upstream version
v1.5.0-23-g87963ee20693" from Jun 12, 2019, leads to the following
static checker warning:

	./scripts/dtc/libfdt/fdt_addresses.c:74 fdt_appendprop_addrrange()
	warn: integer overflow (literal): u32max + 1

./scripts/dtc/libfdt/fdt_addresses.c
    54  /* This function assumes that [address|size]_cells is 1 or 2 */
    55  int fdt_appendprop_addrrange(void *fdt, int parent, int nodeoffset,
    56                               const char *name, uint64_t addr, uint64_t size)
    57  {
    58          int addr_cells, size_cells, ret;
    59          uint8_t data[sizeof(fdt64_t) * 2], *prop;
    60  
    61          ret = fdt_address_cells(fdt, parent);
    62          if (ret < 0)
    63                  return ret;
    64          addr_cells = ret;
    65  
    66          ret = fdt_size_cells(fdt, parent);
    67          if (ret < 0)
    68                  return ret;
    69          size_cells = ret;
    70  
    71          /* check validity of address */
    72          prop = data;
    73          if (addr_cells == 1) {
    74                  if ((addr > UINT32_MAX) || ((UINT32_MAX + 1 - addr) < size))
                                                     ^^^^^^^^^^^^^^
UINT32_MAX + 1 is just zero.

    75                          return -FDT_ERR_BADVALUE;
    76  
    77                  fdt32_st(prop, (uint32_t)addr);
    78          } else if (addr_cells == 2) {
    79                  fdt64_st(prop, addr);
    80          } else {
    81                  return -FDT_ERR_BADNCELLS;
    82          }
    83  
    84          /* check validity of size */
    85          prop += addr_cells * sizeof(fdt32_t);
    86          if (size_cells == 1) {
    87                  if (size > UINT32_MAX)
    88                          return -FDT_ERR_BADVALUE;
    89  
    90                  fdt32_st(prop, (uint32_t)size);
    91          } else if (size_cells == 2) {
    92                  fdt64_st(prop, size);
    93          } else {
    94                  return -FDT_ERR_BADNCELLS;
    95          }

regards,
dan carpenter

* [bug report] scripts/dtc: Update to upstream version v1.5.0-23-g87963ee20693
@ 2020-01-14  6:27 Dan Carpenter
From: Dan Carpenter @ 2020-01-14  6:27 UTC (permalink / raw)
  To: kernel-janitors

Hello Rob Herring,

The patch 9bb9c6a110ea: "scripts/dtc: Update to upstream version
v1.5.0-23-g87963ee20693" from Jun 12, 2019, leads to the following
static checker warning:

	lib/../scripts/dtc/libfdt/fdt_addresses.c:76 fdt_appendprop_addrrange()
	warn: integer overflow (literal): u32max + 1

lib/../scripts/dtc/libfdt/fdt_addresses.c
    57  int fdt_appendprop_addrrange(void *fdt, int parent, int nodeoffset,
    58                               const char *name, uint64_t addr, uint64_t size)
    59  {
    60          int addr_cells, size_cells, ret;
    61          uint8_t data[sizeof(fdt64_t) * 2], *prop;
    62  
    63          ret = fdt_address_cells(fdt, parent);
    64          if (ret < 0)
    65                  return ret;
    66          addr_cells = ret;
    67  
    68          ret = fdt_size_cells(fdt, parent);
    69          if (ret < 0)
    70                  return ret;
    71          size_cells = ret;
    72  
    73          /* check validity of address */
    74          prop = data;
    75          if (addr_cells == 1) {
    76                  if ((addr > UINT32_MAX) || ((UINT32_MAX + 1 - addr) < size))
                                                     ^^^^^^^^^^^^^^
UINT32_MAX + 1 is zero.

    77                          return -FDT_ERR_BADVALUE;
    78  
    79                  fdt32_st(prop, (uint32_t)addr);
    80          } else if (addr_cells == 2) {
    81                  fdt64_st(prop, addr);
    82          } else {
    83                  return -FDT_ERR_BADNCELLS;
    84          }
    85  
    86          /* check validity of size */
    87          prop += addr_cells * sizeof(fdt32_t);
    88          if (size_cells == 1) {

regards,
dan carpenter
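
Added example, not part of either message or of the libfdt source: the condition flagged by the checker, copied into a helper, next to a variant that widens the constant to 64 bits before adding 1. The helper names and sample ranges are constructed for illustration, the widened form is one possible way to write the check rather than the upstream fix, and the behaviour shown assumes a 32-bit unsigned int.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Condition as quoted in the report. Returns 1 when the range is rejected.
 * Assumption: unsigned int is 32 bits, so UINT32_MAX + 1 is computed in
 * 32-bit unsigned arithmetic and wraps to 0 before addr is subtracted.
 */
static int rejects_as_written(uint64_t addr, uint64_t size)
{
	return (addr > UINT32_MAX) || ((UINT32_MAX + 1 - addr) < size);
}

/*
 * Hypothetical variant: widen first, so the constant is 2^32 and
 * (2^32 - addr) is the room left in a one-cell address space.
 */
static int rejects_widened(uint64_t addr, uint64_t size)
{
	return (addr > UINT32_MAX) || (((uint64_t)UINT32_MAX + 1 - addr) < size);
}

int main(void)
{
	/* Constructed sample ranges (addr, size). */
	static const uint64_t cases[][2] = {
		{ 0x0,           0x1000 }, /* fits: starts at 0 */
		{ 0xFFFFF000u,   0x1000 }, /* fits: ends exactly at 2^32 */
		{ 0xFFFFF000u,   0x2000 }, /* does not fit: ends past 2^32 */
		{ 0x100000000ull, 0x1   }, /* address itself needs two cells */
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("addr=0x%" PRIx64 " size=0x%" PRIx64
		       " as_written=%s widened=%s\n",
		       cases[i][0], cases[i][1],
		       rejects_as_written(cases[i][0], cases[i][1]) ? "reject" : "accept",
		       rejects_widened(cases[i][0], cases[i][1]) ? "reject" : "accept");
	return 0;
}
```

With the wrapped constant the second operand reduces to (0 - addr) < size in 64-bit arithmetic, so a range starting at address 0 is rejected for any nonzero size, while a range that runs past 2^32 is accepted.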
