Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_external_dtc / 11f671ae84ff775a9dcefc747271247b5f361e7d
commit11f671ae84ff775a9dcefc747271247b5f361e7d[log] [tgz]
authorPierre-Clément Tosi <ptosi@google.com>Mon Jul 11 10:29:50 2022 +0100
committerPierre-Clément Tosi <ptosi@google.com>Mon Jul 11 12:32:44 2022 +0100
tree2119a8d78b66d447e88e0d63cb7ff8b2f0ddcdd6
parent4bd86627f0e9e9e25b5c404c912054154af57e43 [diff]
fuzzing: Validate FDT size before walking it

As a user of libfdt, the fuzzer is expected to fully validate the
untrusted DT before reading from it so call fdt_check_full(), which also
validates the size of the DT (as described in its header) against the
received buffer size, to prevent OOBs.

Bug: 230794395
Test: SANITIZE_HOST=address m libfdt_fuzzer
Test: out/host/linux-x86/fuzz/x86_64/libfdt_fuzzer/libfdt_fuzzer
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Change-Id: Ic4f4e7355e4978022001ee34b21fc7219adf1d56
1 file changed
tree: 2119a8d78b66d447e88e0d63cb7ff8b2f0ddcdd6
  1. Documentation/
  2. fuzzing/
  3. libfdt/
  4. pylibfdt/
  5. scripts/
  6. tests/
  7. .cirrus.yml
  8. .editorconfig
  9. .gitignore
  10. .travis.yml
  11. Android.bp
  12. BSD-2-Clause
  13. checks.c
  14. convert-dtsv0-lexer.l
  15. data.c
  16. dtc-lexer.l
  17. dtc-parser.y
  18. dtc.c
  19. dtc.h
  20. dtdiff
  21. fdtdump.c
  22. fdtget.c
  23. fdtoverlay.c
  24. fdtput.c
  25. flattree.c
  26. fstree.c
  27. GPL
  28. livetree.c
  29. Makefile
  30. Makefile.convert-dtsv0
  31. Makefile.dtc
  32. Makefile.utils
  33. MANIFEST.in
  34. meson.build
  35. meson_options.txt
  36. METADATA
  37. MODULE_LICENSE_GPL
  38. NOTICE
  39. OWNERS
  40. README
  41. README.license
  42. README.version
  43. setup.py
  44. srcpos.c
  45. srcpos.h
  46. TODO
  47. treesource.c
  48. util.c
  49. util.h
  50. version_gen.h.in
  51. version_non_gen.h
  52. yamltree.c