git: 89f5bc467c79 - main - dtc: Sync with upstream version e9a77451cdd8
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 28 Feb 2022 22:41:11 UTC
The branch main has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=89f5bc467c793a6023bfac8db519a8d74f21a8d0 commit 89f5bc467c793a6023bfac8db519a8d74f21a8d0 Author: Jessica Clarke <jrtc27@FreeBSD.org> AuthorDate: 2022-02-28 22:37:47 +0000 Commit: Jessica Clarke <jrtc27@FreeBSD.org> CommitDate: 2022-02-28 22:37:47 +0000 dtc: Sync with upstream version e9a77451cdd8 1c231509cf88 ("Validate integers fit in cells") is the only change missing from our copy. Reviewed by: manu, imp Differential Revision: https://reviews.freebsd.org/D34368 --- usr.bin/dtc/fdt.cc | 18 ++++++++++++++++++ usr.bin/dtc/input_buffer.cc | 5 ++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/usr.bin/dtc/fdt.cc b/usr.bin/dtc/fdt.cc index 3c7b2a8bd9ab..bdfd495a02d2 100644 --- a/usr.bin/dtc/fdt.cc +++ b/usr.bin/dtc/fdt.cc @@ -335,10 +335,28 @@ property::parse_cells(text_input_buffer &input, int cell_size) unsigned long long val; if (!input.consume_integer_expression(val)) { + // FIXME: Distinguish invalid syntax from a + // number that cannot be represented in an + // unsigned long long. input.parse_error("Expected numbers in array of cells"); valid = false; return; } + // FIXME: No sign information available, so cannot + // distinguish small negative values from large + // positive ones, and thus we have to conservatively + // permit anything that looks like a sign-extended + // negative integer. + if (cell_size < 64 && val >= (1ull << cell_size) && + (val | ((1ull << (cell_size - 1)) - 1)) != + std::numeric_limits<unsigned long long>::max()) + { + std::string msg = "Value does not fit in a " + + std::to_string(cell_size) + "-bit cell"; + input.parse_error(msg.c_str()); + valid = false; + return; + } switch (cell_size) { case 8: diff --git a/usr.bin/dtc/input_buffer.cc b/usr.bin/dtc/input_buffer.cc index 1f4775c8b78c..01ab483353c0 100644 --- a/usr.bin/dtc/input_buffer.cc +++ b/usr.bin/dtc/input_buffer.cc @@ -349,8 +349,11 @@ input_buffer::consume_integer(unsigned long long &outInt) return false; } char *end= const_cast<char*>(&buffer[size]); + errno = 0; outInt = strtoull(&buffer[cursor], &end, 0); - if (end == &buffer[cursor]) + if (end == &buffer[cursor] || + (outInt == std::numeric_limits<unsigned long long>::max() && + errno == ERANGE)) { return false; }