Commit 2e53f9d2 authored by Anton Blanchard's avatar Anton Blanchard Committed by David Gibson
Browse files

Catch unsigned 32bit overflow when parsing flattened device tree offsets 



We have a couple of checks of the form:

    if (offset+size > totalsize)
        die();

We need to check that offset+size doesn't overflow, otherwise the check
will pass, and we may access past totalsize.

Found with AFL.

Signed-off-by: default avatarAnton Blanchard <anton@samba.org>
[Added a testcase]
Signed-off-by: default avatarDavid Gibson <david@gibson.dropbear.id.au>
parent b06e55c8
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment