Skip to content

Commit 2f945a7

Browse files
Sergey Shtylyovrobherring
authored andcommitted
of: fdt: fix off-by-one error in unflatten_dt_nodes()
Commit 78c44d9 ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to overflow the nps[] buffer... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. Fixes: 78c44d9 ("drivers/of: Fix depth when unflattening devicetree") Signed-off-by: Sergey Shtylyov <[email protected]> Signed-off-by: Rob Herring <[email protected]> Link: https://lore.kernel.org/r/[email protected]
1 parent 568035b commit 2f945a7

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

drivers/of/fdt.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -314,7 +314,7 @@ static int unflatten_dt_nodes(const void *blob,
314314
for (offset = 0;
315315
offset >= 0 && depth >= initial_depth;
316316
offset = fdt_next_node(blob, offset, &depth)) {
317-
if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH))
317+
if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH - 1))
318318
continue;
319319

320320
if (!IS_ENABLED(CONFIG_OF_KOBJ) &&

0 commit comments

Comments
 (0)