Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2231996/?format=api
{ "id": 2231996, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2231996/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260501222801.1596650-1-raymondmaoca@gmail.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.1/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260501222801.1596650-1-raymondmaoca@gmail.com>", "date": "2026-05-01T22:28:00", "name": "lib: fdtdec: validate bloblist FDT before consuming libfdt size", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "58f4b207ead7ac466c283735af30710a235dec14", "submitter": { "id": 91989, "url": "http://patchwork.ozlabs.org/api/1.1/people/91989/?format=api", "name": "Raymond Mao", "email": "raymondmaoca@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260501222801.1596650-1-raymondmaoca@gmail.com/mbox/", "series": [ { "id": 502501, "url": "http://patchwork.ozlabs.org/api/1.1/series/502501/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=502501", "date": "2026-05-01T22:28:00", "name": "lib: fdtdec: validate bloblist FDT before consuming libfdt size", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/502501/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2231996/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2231996/checks/", "tags": {}, "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=EEWg5dz2;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=85.214.62.61; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.b=\"EEWg5dz2\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=raymondmaoca@gmail.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de [85.214.62.61])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g6m0K48Xhz1yJ0\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 02 May 2026 08:28:33 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 7D9CB840D8;\n\tSat, 2 May 2026 00:28:21 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id D49B4841D7; Sat, 2 May 2026 00:28:19 +0200 (CEST)", "from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com\n [IPv6:2607:f8b0:4864:20::72c])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id A8B7C83693\n for <u-boot@lists.denx.de>; Sat, 2 May 2026 00:28:17 +0200 (CEST)", "by mail-qk1-x72c.google.com with SMTP id\n af79cd13be357-8cb20bcff5aso216010385a.3\n for <u-boot@lists.denx.de>; Fri, 01 May 2026 15:28:17 -0700 (PDT)", "from ubuntu.localdomain (172-97-209-197.cpe.distributel.net.\n [172.97.209.197]) by smtp.gmail.com with ESMTPSA id\n af79cd13be357-8fc2938e7f8sm284458485a.7.2026.05.01.15.28.15\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 01 May 2026 15:28:15 -0700 (PDT)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_GMAIL_RCVD,FREEMAIL_FROM,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=no\n autolearn_force=no version=3.4.2", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1777674496; x=1778279296; darn=lists.denx.de;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=vsgyUU/3UNTOHKVozBCl2pFqT4bdD/OJ1Ag1k46uKEQ=;\n b=EEWg5dz2GwmbSVi+Ci3CHzwqJ3653BG3TFqkRDTVjSVB2IpzRTIhKAXtfIsSNHMmMG\n w/OHYBvjMLF8YjV3YgsBbJvxHxX0wHGtrWdJJnbBiH0HAdSKaBtTmIj8wSa6PVqo96+f\n 0wxd1gXrBr3ffcDhh8jAyR3EXPfNr5ZZwP+GYa84HL3ntv1iPTKhaocMx0CBDCpptoxo\n qa13fORNOVo8VBH6ak9heeK+iqfx/cIO74nZE6CnwOEzkeq9AegDdR1g4D4yCkxFuEBI\n 1lfp6RYiWG1u619dJQb8mwkA2k9pnQE2PenH6dLEZN/K4xY7IwHOcBKOw6mPbJtect2K\n H35g==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777674496; x=1778279296;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=vsgyUU/3UNTOHKVozBCl2pFqT4bdD/OJ1Ag1k46uKEQ=;\n b=e6cTHL8eBTvHHIHy03b6zVU2i4B0rVfdONW9ZeAfAs7qEsXBQ4m5yherEtE0+wa238\n ee/NrJMAF2ic1FhZ0OpTw8DAxlBoy+mpuJ0JsAZwlkdn/Pnq8ZOWmU9ZYPGguZNsoYwX\n ytJSpXAexd7L5CZderFY53NAsWw0F9EnOav5WZyEGlQgdkUgKOj2dQAsZ3i+daDGfawT\n F6WUzvTHqtNgb+0gCNMOMOR3WNAa942nkcQgQH90sv2YwQynRyJRG2wlhXEQo5v5nSn8\n GU5iV/HUC7egFIir5oz3WPW0yfSnmMZv5BE/eVoKY4CHnUG/dUEnFz8uvSn5t7PTfxEB\n tW1A==", "X-Gm-Message-State": "AOJu0YwHU7O4cxcmDReNw4SHLZ+hjX0YHKEVLBdfw6xi8HhY0HkrSoO/\n wMveXtdNbSDdWcwy2Nr4FdirUhuJ7tdhXlAJ9ye9PfjmCeap2xsSvXNJ2pjjPn2VY98=", "X-Gm-Gg": "AeBDiesBI3qdBPiCIxAO70zP8zYtYQWoDNXtRCqAKkOtbVkfMWOE01/LTDKfBhv6biA\n MqyqZsYlgbhwi+nWNMl436rCQNw7GsXzf0AafJBF9+tgfKFsmcjZQsHmw+PKqP4jFKMPfQSjTvY\n OPY5WJ3PIueVFezj184owQROn/iU/ivndIQRB2LOYzELtkXCrc4MNAJKHEQIqEZ91oLmMR+5kM/\n TDfYO6aja822LKOij8xdw09v5Az7BWItZJ+XMjHPyyFKlNVH7vwiwQouCTJXgEduNeJ585VYuM0\n uS7FGfwLOJNc8kn+V01Q0iJrqLTMENTplpxduF+SDmkMoUnGaTHkogHNZALFduKbs0anc3JTGl3\n viqFNTtYGqDuJjW5UWhfXFJmDpPfiHbnVOK81gRnSCkTLaWuxegsGaOI5w0gwahamuA9bKmDBqV\n GbqPlGkni48YkzazpijhbEU9bcGObMPPpyOM2uAEEN/ld1z17CVuQUGlTnhH6nydNaH6mEMH5HH\n 4Bc6kSp4bo4xLQ0TtgWQQ==", "X-Received": "by 2002:a05:620a:4891:b0:8da:dc5d:acf5 with SMTP id\n af79cd13be357-8fd155f2791mr219282185a.12.1777674496150;\n Fri, 01 May 2026 15:28:16 -0700 (PDT)", "From": "Raymond Mao <raymondmaoca@gmail.com>", "To": "u-boot@lists.denx.de", "Cc": "Raymond Mao <raymond.mao@riscstar.com>, Simon Glass <sjg@chromium.org>,\n Tom Rini <trini@konsulko.com>,\n Alexander Sverdlin <alexander.sverdlin@siemens.com>,\n Michal Simek <michal.simek@amd.com>, Pranav Sanwal <pranav.sanwal@amd.com>,\n Casey Connolly <casey.connolly@linaro.org>", "Subject": "[PATCH] lib: fdtdec: validate bloblist FDT before consuming libfdt\n size", "Date": "Fri, 1 May 2026 18:28:00 -0400", "Message-Id": "<20260501222801.1596650-1-raymondmaoca@gmail.com>", "X-Mailer": "git-send-email 2.25.1", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "From: Raymond Mao <raymond.mao@riscstar.com>\n\nCoverity Scan defects are observed in fdtdec_apply_bloblist_dtos(),\nsince the live FDT taken from the bloblist is passed to libfdt helpers\nwhich consume header size/offset fields:\n- fdt_open_into()\n- fdt_pack()\n- bloblist_resize(..., fdt_totalsize(...))\n\nAdd a small helper to validate the FDT header and confirm that the\nadvertised totalsize fits within the currently allocated bloblist\nrecord. Use the sanitized size before calling fdt_open_into(), again\nafter overlays are applied before calling fdt_pack(), and once more\nafter packing before shrinking the bloblist record.\n\nThis keeps the existing flow unchanged while making the size consumers\noperate on validated FDT metadata.\n\nFixes: b70cbbfbf94f (\"fdtdec: apply DT overlays from bloblist\")\nAddresses-Coverity-ID: CID 645837: (TAINTED_SCALAR)\nSigned-off-by: Raymond Mao <raymond.mao@riscstar.com>\n---\n lib/fdtdec.c | 44 ++++++++++++++++++++++++++++++++++++++++----\n 1 file changed, 40 insertions(+), 4 deletions(-)", "diff": "diff --git a/lib/fdtdec.c b/lib/fdtdec.c\nindex c6e13b6abef..edeaf16af51 100644\n--- a/lib/fdtdec.c\n+++ b/lib/fdtdec.c\n@@ -1744,9 +1744,31 @@ static int fdtdec_apply_dto_blob(void **blob, __maybe_unused int size)\n \treturn fdt_overlay_apply_verbose((void *)gd->fdt_blob, *blob);\n }\n \n+static int fdtdec_get_valid_fdt_size(const void *fdt, int alloc_size,\n+\t\t\t\t int *fdt_sizep)\n+{\n+\tint ret, fdt_size;\n+\n+\t/*\n+\t * Validate the header before libfdt trusts any header offsets/sizes.\n+\t * Also make sure the advertised totalsize fits in the bloblist record.\n+\t */\n+\tret = fdt_check_header(fdt);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tfdt_size = fdt_totalsize(fdt);\n+\tif (fdt_size > alloc_size)\n+\t\treturn -FDT_ERR_TRUNCATED;\n+\n+\t*fdt_sizep = fdt_size;\n+\n+\treturn 0;\n+}\n+\n static int fdtdec_apply_bloblist_dtos(void)\n {\n-\tint ret;\n+\tint ret, live_fdt_size;\n \tstruct fdt_header *live_fdt;\n \tint blob_size;\n \tsize_t padded_size, max_size;\n@@ -1760,8 +1782,12 @@ static int fdtdec_apply_bloblist_dtos(void)\n \tif (live_fdt != gd->fdt_blob)\n \t\treturn -ENOENT;\n \n+\tret = fdtdec_get_valid_fdt_size(live_fdt, blob_size, &live_fdt_size);\n+\tif (ret)\n+\t\treturn ret;\n+\n \t/* Calculate the allowed padded size */\n-\tpadded_size = fdt_totalsize(live_fdt) + CONFIG_SYS_FDT_PAD;\n+\tpadded_size = live_fdt_size + CONFIG_SYS_FDT_PAD;\n \tmax_size = bloblist_get_total_size() - bloblist_get_size() + blob_size;\n \tif (padded_size > max_size)\n \t\tpadded_size = max_size;\n@@ -1772,6 +1798,7 @@ static int fdtdec_apply_bloblist_dtos(void)\n \t\tif (ret)\n \t\t\treturn ret;\n \n+\t\tblob_size = padded_size;\n \t\tret = fdt_open_into(live_fdt, live_fdt, padded_size);\n \t\tif (ret)\n \t\t\treturn ret;\n@@ -1781,9 +1808,18 @@ static int fdtdec_apply_bloblist_dtos(void)\n \tif (ret)\n \t\treturn ret;\n \n-\t/* Shink the blob to the actual FDT size */\n+\tret = fdtdec_get_valid_fdt_size(live_fdt, blob_size, &live_fdt_size);\n+\tif (ret)\n+\t\treturn ret;\n+\n \tfdt_pack(live_fdt);\n-\treturn bloblist_resize(BLOBLISTT_CONTROL_FDT, fdt_totalsize(live_fdt));\n+\n+\tret = fdtdec_get_valid_fdt_size(live_fdt, blob_size, &live_fdt_size);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\t/* Shrink the blob to the actual FDT size */\n+\treturn bloblist_resize(BLOBLISTT_CONTROL_FDT, live_fdt_size);\n }\n \n int fdtdec_setup(void)\n", "prefixes": [] }