[Crosstoolchain-logs] [device-tree-compiler] 32/198: Fix uninitialized access bug in utilfdt_decode_type
Hector Oron
zumbi at moszumanska.debian.org
Thu Dec 8 17:06:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
zumbi pushed a commit to branch upstream/1.4.x
in repository device-tree-compiler.
commit e280442e08fcbe8431dc85d836ff3ecc489932fb
Author: David Gibson <david at gibson.dropbear.id.au>
Date: Fri Feb 3 17:06:12 2012 +1100
Fix uninitialized access bug in utilfdt_decode_type
I just found this little bug with valgrind. strchr() will return true
if the given character is '\0'. This meant that utilfdt_decode_type()
could take a path which accesses uninitialized data when given the
(invalid) format string "L".
Signed-off-by: David Gibson <david at gibson.dropbear.id.au>
---
util.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/util.c b/util.c
index d82d41f..2422c34 100644
--- a/util.c
+++ b/util.c
@@ -296,6 +296,9 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
{
int qualifier = 0;
+ if (!*fmt)
+ return -1;
+
/* get the conversion qualifier */
*size = -1;
if (strchr("hlLb", *fmt)) {
@@ -311,7 +314,7 @@ int utilfdt_decode_type(const char *fmt, int *type, int *size)
}
/* we should now have a type */
- if (!strchr("iuxs", *fmt))
+ if ((*fmt == '\0') || !strchr("iuxs", *fmt))
return -1;
/* convert qualifier (bhL) to byte size */
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/crosstoolchain/device-tree-compiler.git
More information about the Crosstoolchain-logs
mailing list