On Mon, Oct 09, 2023 at 03:16:43PM +0100, Pierre-Clément Tosi wrote: > Reject empty paths and negative lengths, according to the DT spec v0.4: > > The convention for specifying a device path is: > /node-name-1/node-name-2/node-name-N > > The path to the root node is /. > > This prevents the access to path[0] from ever being out-of-bounds. > > Signed-off-by: Pierre-Clément Tosi > --- > v2 > - allow the check to be optimized out when ASSUME_VALID_INPUT > - add test coverage for empty paths and negative size > - remove redundant part of the quote in the commit message > --- > libfdt/fdt_ro.c | 3 +++ > tests/path_offset.c | 6 ++++++ > 2 files changed, 9 insertions(+) > > diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c > index c4c520c..7567f52 100644 > --- a/libfdt/fdt_ro.c > +++ b/libfdt/fdt_ro.c > @@ -255,6 +255,9 @@ int fdt_path_offset_namelen(const void *fdt, const char *path, int namelen) > > FDT_RO_PROBE(fdt); > > + if (!can_assume(VALID_INPUT) && namelen <= 0) > + return -FDT_ERR_BADPATH; > + > /* see if we have an alias */ > if (*path != '/') { > const char *q = memchr(path, '/', end - p); > diff --git a/tests/path_offset.c b/tests/path_offset.c > index 8e657af..0193e61 100644 > --- a/tests/path_offset.c > +++ b/tests/path_offset.c > @@ -48,6 +48,9 @@ static void check_path_offset(void *fdt, const char *path, int offset) > verbose_printf("Checking offset of \"%s\" is %d...\n", path, offset); > > rc = fdt_path_offset(fdt, path); > + if (rc == offset) > + return; > + Since you're adding this test here... > if (rc < 0) > FAIL("fdt_path_offset(\"%s\") failed: %s", > path, fdt_strerror(rc)); .. you shouldalso remove the (rc != offset) test which comes immediately after this one. > @@ -102,6 +105,7 @@ int main(int argc, char *argv[]) > check_path_offset(fdt, "/subnode@2/subsubnode", subsubnode2_offset2); > > /* Test paths with extraneous separators */ > + check_path_offset(fdt, "", -FDT_ERR_BADPATH); > check_path_offset(fdt, "//", 0); > check_path_offset(fdt, "///", 0); > check_path_offset(fdt, "//subnode@1", subnode1_offset); > @@ -110,6 +114,8 @@ int main(int argc, char *argv[]) > check_path_offset(fdt, "/subnode@2////subsubnode", subsubnode2_offset2); > > /* Test fdt_path_offset_namelen() */ > + check_path_offset_namelen(fdt, "/subnode@1", -1, -FDT_ERR_BADPATH); > + check_path_offset_namelen(fdt, "/subnode@1", 0, -FDT_ERR_BADPATH); > check_path_offset_namelen(fdt, "/subnode@1", 1, 0); > check_path_offset_namelen(fdt, "/subnode@1/subsubnode", 10, subnode1_offset); > check_path_offset_namelen(fdt, "/subnode@1/subsubnode", 11, subnode1_offset); -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson