812b1956a0
In libfdt we often sanity test fdt_totalsize(fdt) fairly early, then trust it (but *only* that header field) for the remainder of our work. However, Coverity gets confused by this - it sees the byteswap in fdt32_ld() and assumes that means it is coming from an untrusted source everytime, resulting in many tainted data warnings. Most of these end up with logic in fdt_get_string() as the unsafe destination for this tainted data, so let's tweak the logic there to make it clearer to Coverity that this is ok. We add a sanity test on fdt_totalsize() to fdt_probe_ro_(). Because the interface allows bare ints to be used for offsets, we already have the assumption that totalsize must be 31-bits or less (2GiB would be a ludicrously large fdt). This makes this more explicit. We also make fdt_probe_ro() return the size for convenience, and change the logic in fdt_get_string() to keep it in a local so that Coverity can see that it has already been bounds-checked. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
51 lines
1.4 KiB
C
51 lines
1.4 KiB
C
/* SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-2-Clause) */
|
|
#ifndef LIBFDT_INTERNAL_H
|
|
#define LIBFDT_INTERNAL_H
|
|
/*
|
|
* libfdt - Flat Device Tree manipulation
|
|
* Copyright (C) 2006 David Gibson, IBM Corporation.
|
|
*/
|
|
#include <fdt.h>
|
|
|
|
#define FDT_ALIGN(x, a) (((x) + (a) - 1) & ~((a) - 1))
|
|
#define FDT_TAGALIGN(x) (FDT_ALIGN((x), FDT_TAGSIZE))
|
|
|
|
int fdt_ro_probe_(const void *fdt);
|
|
#define FDT_RO_PROBE(fdt) \
|
|
{ \
|
|
int totalsize_; \
|
|
if ((totalsize_ = fdt_ro_probe_(fdt)) < 0) \
|
|
return totalsize_; \
|
|
}
|
|
|
|
int fdt_check_node_offset_(const void *fdt, int offset);
|
|
int fdt_check_prop_offset_(const void *fdt, int offset);
|
|
const char *fdt_find_string_(const char *strtab, int tabsize, const char *s);
|
|
int fdt_node_end_offset_(void *fdt, int nodeoffset);
|
|
|
|
static inline const void *fdt_offset_ptr_(const void *fdt, int offset)
|
|
{
|
|
return (const char *)fdt + fdt_off_dt_struct(fdt) + offset;
|
|
}
|
|
|
|
static inline void *fdt_offset_ptr_w_(void *fdt, int offset)
|
|
{
|
|
return (void *)(uintptr_t)fdt_offset_ptr_(fdt, offset);
|
|
}
|
|
|
|
static inline const struct fdt_reserve_entry *fdt_mem_rsv_(const void *fdt, int n)
|
|
{
|
|
const struct fdt_reserve_entry *rsv_table =
|
|
(const struct fdt_reserve_entry *)
|
|
((const char *)fdt + fdt_off_mem_rsvmap(fdt));
|
|
|
|
return rsv_table + n;
|
|
}
|
|
static inline struct fdt_reserve_entry *fdt_mem_rsv_w_(void *fdt, int n)
|
|
{
|
|
return (void *)(uintptr_t)fdt_mem_rsv_(fdt, n);
|
|
}
|
|
|
|
#define FDT_SW_MAGIC (~FDT_MAGIC)
|
|
|
|
#endif /* LIBFDT_INTERNAL_H */
|