lib: fix __fdt_parse_region()

If fdt_getprop() returns NULL, this indicates an error. In this case lenp
is set to an error code. But even if lenp = 0 we should not continue.

If fdt_getprop() returns a wider value than we expect this is a separate
error condition.

In both cases the device-tree is invalid.

Addresses-Coverity-ID: 1529703 ("Dereference after null check")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>

diff --git a/lib/utils/fdt/fdt_domain.c b/lib/utils/fdt/fdt_domain.c
index bd0eec3..0568603 100644 (file)
--- a/lib/utils/fdt/fdt_domain.c
+++ b/lib/utils/fdt/fdt_domain.c
@@ -246,7 +246,7 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
 
        /* Read "base" DT property */
        val = fdt_getprop(fdt, region_offset, "base", &len);
-       if (!val && len >= 8)
+       if (!val || len != 8)
                return SBI_EINVAL;
        val64 = fdt32_to_cpu(val[0]);
        val64 = (val64 << 32) | fdt32_to_cpu(val[1]);
@@ -254,7 +254,7 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
 
        /* Read "order" DT property */
        val = fdt_getprop(fdt, region_offset, "order", &len);
-       if (!val && len >= 4)
+       if (!val || len != 4)
                return SBI_EINVAL;
        val32 = fdt32_to_cpu(*val);
        if (val32 < 3 || __riscv_xlen < val32)