Commit d4c7c25c authored by Courtney Cavin's avatar Courtney Cavin Committed by David Gibson
Browse files

libfdt: check for potential overrun in _fdt_splice() 



This patch catches the conditions where:
 - 'splicepoint' is set to a point outside of [ fdt, fdt_totalsize(fdt) )
 - 'newlen' is negative, or 'splicepoint' plus 'newlen' results in overflow

Either of these cases can be caused by math which overflows in calling
functions, or by sizes specified through dynamic means.

Signed-off-by: default avatarCourtney Cavin <courtney.cavin@sonymobile.com>
Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@sonymobile.com>
parent f58799be
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment