From 70fd2e82371d7fa89249124ce6ec533cc8c3f05d Mon Sep 17 00:00:00 2001
From: Pierre-Clément Tosi
Date: Mon, 1 Aug 2022 10:37:12 +0100
Subject: ANDROID: fuzz: Check for NULL property during walk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When fdt_get_property_by_offset() fails, it returns NULL so prevent the fuzzer from dereferencing the pointer, in that case.

Bug: 240841657
Test: SANITIZE_HOST=address m libfdt_fuzzer
Signed-off-by: Pierre-Clément Tosi
Change-Id: Idcd187993fce0140038b61589a183b16d822004b
---
 fuzzing/libfdt_fuzzer.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'fuzzing')

diff --git a/fuzzing/libfdt_fuzzer.c b/fuzzing/libfdt_fuzzer.c
index b433bbc..f89f1b4 100644
--- a/fuzzing/libfdt_fuzzer.c
+++ b/fuzzing/libfdt_fuzzer.c
@@ -62,6 +62,8 @@ static void walk_node_properties(const void *device_tree, int node) {
 fdt_for_each_property_offset(property, device_tree, node) {
 const struct fdt_property *prop = fdt_get_property_by_offset(device_tree, property, &len);
+ if (!prop)
+ continue;
 check_mem(prop->data, fdt32_to_cpu(prop->len));
 }
 }
--
cgit v1.2.3-59-g8ed1b
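Review bot: The new `if (!prop) continue;` discards the error code that fdt_get_property_by_offset() writes into `len` on the NULL path, so a malformed property header in the fuzz input is skipped silently and is indistinguishable from a clean end of the property list; a one-line comment on the guard, `/* NULL on a malformed blob: len then holds the -FDT_ERR_* code, not a length */`, would make that deliberate. On the success path the call has already filled `len`, so the following line could use it, `check_mem(prop->data, len);`, instead of re-reading the length from the raw header with `fdt32_to_cpu(prop->len)`; whether libfdt bounds-checks that length before returning is not visible in this hunk, so treating the raw read as untrusted is the safer default for a fuzzer harness. Whether `continue` ever reaches a further iteration depends on fdt_next_property_offset() succeeding where fdt_get_property_by_offset() failed, which is not established here, so `break` may express the intent more directly. The declaration of `len` and the rest of walk_node_properties lie outside the hunk.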