From e280442e08fcbe8431dc85d836ff3ecc489932fb Mon Sep 17 00:00:00 2001 From: David Gibson Date: Fri, 3 Feb 2012 17:06:12 +1100 Subject: Fix uninitialized access bug in utilfdt_decode_type I just found this little bug with valgrind. strchr() will return true if the given character is '\0'. This meant that utilfdt_decode_type() could take a path which accesses uninitialized data when given the (invalid) format string "L". Signed-off-by: David Gibson --- util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'util.c') diff --git a/util.c b/util.c index d82d41f..2422c34 100644 --- a/util.c +++ b/util.c @@ -296,6 +296,9 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size) { int qualifier = 0; + if (!*fmt) + return -1; + /* get the conversion qualifier */ *size = -1; if (strchr("hlLb", *fmt)) { @@ -311,7 +314,7 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size) } /* we should now have a type */ - if (!strchr("iuxs", *fmt)) + if ((*fmt == '\0') || !strchr("iuxs", *fmt)) return -1; /* convert qualifier (bhL) to byte size */ -- cgit v1.2.1