git: 89f5bc467c79 - main - dtc: Sync with upstream version e9a77451cdd8

From: Jessica Clarke <jrtc27_at_FreeBSD.org>
Date: Mon, 28 Feb 2022 22:41:11 UTC
The branch main has been updated by jrtc27:

URL: https://cgit.FreeBSD.org/src/commit/?id=89f5bc467c793a6023bfac8db519a8d74f21a8d0

commit 89f5bc467c793a6023bfac8db519a8d74f21a8d0
Author:     Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2022-02-28 22:37:47 +0000
Commit:     Jessica Clarke <jrtc27@FreeBSD.org>
CommitDate: 2022-02-28 22:37:47 +0000

    dtc: Sync with upstream version e9a77451cdd8
    
    1c231509cf88 ("Validate integers fit in cells") is the only change
    missing from our copy.
    
    Reviewed by:    manu, imp
    Differential Revision:  https://reviews.freebsd.org/D34368
---
 usr.bin/dtc/fdt.cc          | 18 ++++++++++++++++++
 usr.bin/dtc/input_buffer.cc |  5 ++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/usr.bin/dtc/fdt.cc b/usr.bin/dtc/fdt.cc
index 3c7b2a8bd9ab..bdfd495a02d2 100644
--- a/usr.bin/dtc/fdt.cc
+++ b/usr.bin/dtc/fdt.cc
@@ -335,10 +335,28 @@ property::parse_cells(text_input_buffer &input, int cell_size)
 			unsigned long long val;
 			if (!input.consume_integer_expression(val))
 			{
+				// FIXME: Distinguish invalid syntax from a
+				// number that cannot be represented in an
+				// unsigned long long.
 				input.parse_error("Expected numbers in array of cells");
 				valid = false;
 				return;
 			}
+			// FIXME: No sign information available, so cannot
+			// distinguish small negative values from large
+			// positive ones, and thus we have to conservatively
+			// permit anything that looks like a sign-extended
+			// negative integer.
+			if (cell_size < 64 && val >= (1ull << cell_size) &&
+			    (val | ((1ull << (cell_size - 1)) - 1)) !=
+			    std::numeric_limits<unsigned long long>::max())
+			{
+				std::string msg = "Value does not fit in a " +
+					std::to_string(cell_size) + "-bit cell";
+				input.parse_error(msg.c_str());
+				valid = false;
+				return;
+			}
 			switch (cell_size)
 			{
 				case 8:
diff --git a/usr.bin/dtc/input_buffer.cc b/usr.bin/dtc/input_buffer.cc
index 1f4775c8b78c..01ab483353c0 100644
--- a/usr.bin/dtc/input_buffer.cc
+++ b/usr.bin/dtc/input_buffer.cc
@@ -349,8 +349,11 @@ input_buffer::consume_integer(unsigned long long &outInt)
 		return false;
 	}
 	char *end= const_cast<char*>(&buffer[size]);
+	errno = 0;
 	outInt = strtoull(&buffer[cursor], &end, 0);
-	if (end == &buffer[cursor])
+	if (end == &buffer[cursor] ||
+	    (outInt == std::numeric_limits<unsigned long long>::max() &&
+	     errno == ERANGE))
 	{
 		return false;
 	}