ANDROID: fuzz: Only check valid phandles
Ignore invalid phandles from fdt_get_phandle(). Update the assert() to avoid false positives, as per the libfdt API: ``` * fdt_node_offset_by_phandle() returns the offset of the node * which has the given phandle value. If there is more than one node * in the tree with the given phandle (an invalid tree), results are * undefined. ``` Bug: 240612647 Test: SANITIZE_HOST=address m libfdt_fuzzer Signed-off-by: Pierre-Clément Tosi <ptosi@google.com> Change-Id: Ifbb6a25ab6bd1463afccc88f9756d34c3cf59717
parent
f500e27127
commit
3afda967bc
1 changed files with 6 additions and 2 deletions
|
@ -55,6 +55,9 @@ static void check_mem(const void *mem, size_t len) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool phandle_is_valid(uint32_t phandle) {
|
||||||
|
return phandle != 0 && phandle != UINT32_MAX;
|
||||||
|
}
|
||||||
|
|
||||||
static void walk_device_tree(const void *device_tree, int parent_node) {
|
static void walk_device_tree(const void *device_tree, int parent_node) {
|
||||||
int len = 0;
|
int len = 0;
|
||||||
|
@ -64,8 +67,9 @@ static void walk_device_tree(const void *device_tree, int parent_node) {
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t phandle = fdt_get_phandle(device_tree, parent_node);
|
uint32_t phandle = fdt_get_phandle(device_tree, parent_node);
|
||||||
if (phandle != 0) {
|
if (phandle_is_valid(phandle)) {
|
||||||
assert(parent_node == fdt_node_offset_by_phandle(device_tree, phandle));
|
int node = fdt_node_offset_by_phandle(device_tree, phandle);
|
||||||
|
assert(node >= 0); // it should at least find parent_node
|
||||||
}
|
}
|
||||||
|
|
||||||
// recursively walk the node's children
|
// recursively walk the node's children
|
||||||
|
|
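Review bot: The invariant in walk_device_tree() is still enforced with `assert()`, and the new `int node` local is read only inside that assert. If the fuzzer is ever built with NDEBUG defined (the build flags are not visible on this page), the check compiles away and `node` becomes an unused variable, so a failed lookup would pass silently. A harness invariant is safer as an unconditional check such as `if (node < 0) abort();`, assuming `<stdlib.h>` is available in this file. The comment on that line could also say why equality with `parent_node` is no longer asserted, e.g. `// duplicate phandles make the lookup result undefined, so only require that some node is found`. The body of walk_device_tree() continues outside the hunk.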