libfdt: Fix undefined behaviour in fdt_offset_ptr()
author David Gibson <david@gibson.dropbear.id.au>
Sun, 2 Oct 2016 23:59:26 +0000 (17:59 -0600)
committer Simon Glass <sjg@chromium.org>
Thu, 13 Oct 2016 19:54:10 +0000 (13:54 -0600)
commit 491c7b6f42a8101f1e84cf8e13a0e23b5eca729e
tree e823ddccede6edbf22cdffdebac66c63b2b05fec
parent ef47683646516002694729986d19713e49b903e3
libfdt: Fix undefined behaviour in fdt_offset_ptr()

Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C.  Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.

To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Simon Glass <sjg@chromium.org>
lib/libfdt/fdt.c
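
The approach the commit message describes, checking offsets as integers before any pointer is formed, shown as an added example; this is not the libfdt code changed by this commit. `struct blob`, `blob_offset_ptr` and the sample buffer are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical descriptor (not libfdt's types): a buffer whose
 * structure region begins struct_off bytes from base. */
struct blob {
    const uint8_t *base;  /* start of the buffer */
    uint32_t total_size;  /* bytes valid at base */
    uint32_t struct_off;  /* offset of the structure region */
};

/* Constructed sample: 64-byte buffer, structure region at offset 16. */
static const uint8_t sample_buf[64] = {0};
static const struct blob sample = { sample_buf, sizeof sample_buf, 16 };

/* Return a pointer to len bytes at offset within the structure region,
 * or NULL if that range is not wholly inside the buffer. Every check is
 * done on unsigned integers; the pointer is formed only after they pass. */
const void *blob_offset_ptr(const struct blob *b, int offset, unsigned int len)
{
    uint32_t abs_off, end;

    if (offset < 0 || b->struct_off > b->total_size)
        return NULL;              /* negative offset or inconsistent header */

    abs_off = b->struct_off + (uint32_t)offset;
    if (abs_off < b->struct_off)
        return NULL;              /* struct_off + offset wrapped */

    end = abs_off + (uint32_t)len;
    if (end < abs_off || end > b->total_size)
        return NULL;              /* abs_off + len wrapped or runs past the end */

    return b->base + abs_off;     /* in bounds, so safe to construct */
}

/* For contrast, the kind of check the commit message calls undefined:
 *     const uint8_t *p = base + offset;
 *     if (p + len < p) return NULL;
 * Forming p or p + len outside the object is already undefined, so a
 * compiler may assume the comparison is false and remove it. */

int main(void)
{
    /* In-range request succeeds; a wrapping length is rejected. */
    return !(blob_offset_ptr(&sample, 0, 4) != NULL &&
             blob_offset_ptr(&sample, 8, 0xFFFFFFFFu) == NULL);
}
```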