From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date: Thu, 8 Dec 2022 01:14:20 +0000 (+0100)
Subject: lib: fix __fdt_parse_region()
X-Git-Tag: v1.2~20
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c2be21432c00840e6b2d2e5cdc668b5ee6180738;p=platform%2Fkernel%2Fopensbi.git

lib: fix __fdt_parse_region()

If fdt_getprop() returns NULL, this indicates an error. In this case lenp
is set to an error code. But even if lenp = 0 we should not continue.

If fdt_getprop() returns a wider value than we expect this is a separate
error condition.

In both cases the device-tree is invalid.

Addresses-Coverity-ID: 1529703 ("Dereference after null check")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
---

diff --git a/lib/utils/fdt/fdt_domain.c b/lib/utils/fdt/fdt_domain.c
index bd0eec3..0568603 100644
--- a/lib/utils/fdt/fdt_domain.c
+++ b/lib/utils/fdt/fdt_domain.c
@@ -246,7 +246,7 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
 
 	/* Read "base" DT property */
 	val = fdt_getprop(fdt, region_offset, "base", &len);
-	if (!val && len >= 8)
+	if (!val || len != 8)
 		return SBI_EINVAL;
 	val64 = fdt32_to_cpu(val[0]);
 	val64 = (val64 << 32) | fdt32_to_cpu(val[1]);
@@ -254,7 +254,7 @@ static int __fdt_parse_region(void *fdt, int domain_offset,
 
 	/* Read "order" DT property */
 	val = fdt_getprop(fdt, region_offset, "order", &len);
-	if (!val && len >= 4)
+	if (!val || len != 4)
 		return SBI_EINVAL;
 	val32 = fdt32_to_cpu(*val);
 	if (val32 < 3 || __riscv_xlen < val32)