diff options
| author | Adriana Nicolae <[email protected]> | 2025-12-09 07:55:38 -0800 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2025-12-10 09:28:40 -0600 |
| commit | 93d000bc5237a82e74d437b5fc3c5fdf5237df2d (patch) | |
| tree | c51080c8bf146842d1d80aa5427875083663c4b4 | |
| parent | da54deb1ac8ee65475c7dca556df751b7e31806e (diff) | |
test: dm: fdtdec: Validate FDT size in unit test
The current FDT decoding tests calculate the memory required
for FDT manipulation by directly adding a fixed margin to
fdt_totalsize(gd->fdt_blob). The static analyzer flagged
"gd->fdt_blob->totalsize" as a tainted value being passed
to fdt_open_into().
Ensure the size is validated by checking that the total size
is within a reasonable maximum FDT limit for unit tests.
Signed-off-by: Adriana Nicolae <[email protected]>
| -rw-r--r-- | test/dm/fdtdec.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/test/dm/fdtdec.c b/test/dm/fdtdec.c index ea5a494612c..495f57234a4 100644 --- a/test/dm/fdtdec.c +++ b/test/dm/fdtdec.c @@ -14,14 +14,19 @@ DECLARE_GLOBAL_DATA_PTR; +#define FDTDEC_MAX_SIZE (2 * 1024 * 1024) + static int dm_test_fdtdec_set_carveout(struct unit_test_state *uts) { struct fdt_memory resv; void *blob; const fdt32_t *prop; - int blob_sz, len, offset; + int blob_sz, len, offset, fdt_sz; + + fdt_sz = fdt_totalsize(gd->fdt_blob); + ut_assert(fdt_sz > 0 && fdt_sz < FDTDEC_MAX_SIZE); - blob_sz = fdt_totalsize(gd->fdt_blob) + 4096; + blob_sz = fdt_sz + 4096; blob = malloc(blob_sz); ut_assertnonnull(blob); @@ -67,10 +72,13 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts) fdt_size_t size; void *blob; unsigned long flags = FDTDEC_RESERVED_MEMORY_NO_MAP; - int blob_sz, parent, subnode; + int blob_sz, parent, subnode, fdt_sz; uint32_t phandle, phandle1; - blob_sz = fdt_totalsize(gd->fdt_blob) + 128; + fdt_sz = fdt_totalsize(gd->fdt_blob); + ut_assert(fdt_sz > 0 && fdt_sz < FDTDEC_MAX_SIZE); + + blob_sz = fdt_sz + 128; blob = malloc(blob_sz); ut_assertnonnull(blob); @@ -138,14 +146,17 @@ static int dm_test_fdt_chosen_smbios(struct unit_test_state *uts) void *blob; ulong val; struct smbios3_entry *entry; - int chosen, blob_sz; + int chosen, blob_sz, fdt_sz; const fdt64_t *prop; if (!CONFIG_IS_ENABLED(GENERATE_SMBIOS_TABLE)) { return -EAGAIN; } - blob_sz = fdt_totalsize(gd->fdt_blob) + 4096; + fdt_sz = fdt_totalsize(gd->fdt_blob); + ut_assert(fdt_sz > 0 && fdt_sz < FDTDEC_MAX_SIZE); + + blob_sz = fdt_sz + 4096; blob = memalign(8, blob_sz); ut_assertnonnull(blob); |