From af67b25250e5dd636a844d869bba8ce698422145 Mon Sep 17 00:00:00 2001 From: Jon Nalley Date: Wed, 26 Feb 2014 11:32:21 -0500 Subject: [PATCH] libfdt: Fix segfault when calling fit_check_format() on corrupt FIT images It has been observed that fit_check_format() will fail when passed a corrupt FIT image. This was tracked down to _fdt_string_eq(): return (strlen(p) == len) && (memcmp(p, s, len) == 0); In the case of a corrupt FIT image one can't depend on 'p' being NULL terminated. I changed it to use strnlen() to fix the issue. Signed-off-by: Tom Rini --- lib/libfdt/fdt_ro.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libfdt/fdt_ro.c b/lib/libfdt/fdt_ro.c index f2154e8370..36af043525 100644 --- a/lib/libfdt/fdt_ro.c +++ b/lib/libfdt/fdt_ro.c @@ -44,7 +44,7 @@ static int _fdt_string_eq(const void *fdt, int stroffset, { const char *p = fdt_string(fdt, stroffset); - return (strlen(p) == len) && (memcmp(p, s, len) == 0); + return (strnlen(p, len + 1) == len) && (memcmp(p, s, len) == 0); } int fdt_get_mem_rsv(const void *fdt, int n, uint64_t *address, uint64_t *size) -- 2.39.5