Courtney Cavin d4c7c25c9e libfdt: check for potential overrun in _fdt_splice() ...

This patch catches the conditions where:
 - 'splicepoint' is set to a point outside of [ fdt, fdt_totalsize(fdt) )
 - 'newlen' is negative, or 'splicepoint' plus 'newlen' results in overflow

Either of these cases can be caused by math which overflows in calling
functions, or by sizes specified through dynamic means.

Signed-off-by: Courtney Cavin <courtney.cavin@sonymobile.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>

2015-12-02 13:11:11 +11:00

..

fdt_addresses.c

libfdt: Add helpers to read #address-cells and #size-cells

2014-05-12 16:01:09 +10:00

fdt_empty_tree.c

libfdt: Add helper function to create a trivial, empty tree

2012-06-03 09:16:17 -05:00

fdt_ro.c

fdt: Add functions to retrieve strings

2015-09-30 13:26:31 +10:00

fdt_rw.c

libfdt: check for potential overrun in _fdt_splice()

2015-12-02 13:11:11 +11:00

fdt_strerror.c

libfdt: Increase namespace-pollution paranoia

2008-07-14 12:36:27 -05:00

fdt_sw.c

libfdt: Add function to resize the buffer for a sequential write tree

2013-10-26 00:17:37 +11:00

fdt_wip.c

dtc/libfdt: sparse fixes

2013-01-06 15:58:23 -06:00

fdt.c

libfdt: Add fdt_next_subnode() to permit easy subnode iteration

2013-04-28 07:30:49 -05:00

fdt.h

Added license header to dtc/libfdt/fdt.h and libfdt_env.h

2013-02-18 08:03:50 -06:00

libfdt_env.h

Added license header to dtc/libfdt/fdt.h and libfdt_env.h

2013-02-18 08:03:50 -06:00

libfdt_internal.h

libfdt: avoid shadowing "err" in FDT_CHECK_HEADER

2014-01-25 15:11:20 +11:00

libfdt.h

fdt: Add functions to retrieve strings

2015-09-30 13:26:31 +10:00

Makefile.libfdt

libfdt: Add helpers to read #address-cells and #size-cells

2014-05-12 16:01:09 +10:00

TODO

dtc: Update TODO files

2007-12-19 08:20:26 -06:00

version.lds

libfdt: Add some missing symbols to version.lds

2015-12-01 12:55:21 +11:00