diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2012-02-03 17:06:12 +1100 |
|---|---|---|
| committer | Jon Loeliger <jdl@jdl.com> | 2012-02-03 08:43:40 -0600 |
| commit | e280442e08fcbe8431dc85d836ff3ecc489932fb (patch) | |
| tree | 378e8a0524187ec84304496ddcb1e908e4e06dc9 /util.c | |
| parent | 0b3b46e019f546a24927bb7ca009670762c00107 (diff) | |
| download | dtc-e280442e08fcbe8431dc85d836ff3ecc489932fb.tar.gz | |
Fix uninitialized access bug in utilfdt_decode_type
I just found this little bug with valgrind. strchr() will return true
if the given character is '\0'. This meant that utilfdt_decode_type()
could take a path which accesses uninitialized data when given the
(invalid) format string "L".
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'util.c')
| -rw-r--r-- | util.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -296,6 +296,9 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size) { int qualifier = 0; + if (!*fmt) + return -1; + /* get the conversion qualifier */ *size = -1; if (strchr("hlLb", *fmt)) { @@ -311,7 +314,7 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size) } /* we should now have a type */ - if (!strchr("iuxs", *fmt)) + if ((*fmt == '\0') || !strchr("iuxs", *fmt)) return -1; /* convert qualifier (bhL) to byte size */ |