• Grant Likely's avatar
    of: Fix overflow bug in string property parsing functions · 96db9738
    Grant Likely authored
    commit a87fa1d81a9fb5e9adca9820e16008c40ad09f33 upstream.
    
    The string property read helpers will run off the end of the buffer if
    it is handed a malformed string property. Rework the parsers to make
    sure that doesn't happen. At the same time add new test cases to make
    sure the functions behave themselves.
    
    The original implementations of of_property_read_string_index() and
    of_property_count_strings() both open-coded the same block of parsing
    code, each with it's own subtly different bugs. The fix here merges
    functions into a single helper and makes the original functions static
    inline wrappers around the helper.
    
    One non-bugfix aspect of this patch is the addition of a new wrapper,
    of_property_read_string_array(). The new wrapper is needed by the
    device_properties feature that Rafael is working on and planning to
    merge for v3.19. The implementation is identical both with and without
    the new static inline wrapper, so it just got left in to reduce the
    churn on the header file.
    Signed-off-by: default avatarGrant Likely <grant.likely@linaro.org>
    Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
    Cc: Rob Herring <robh+dt@kernel.org>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: Darren Hart <darren.hart@intel.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    96db9738
base.c 43.6 KB