On Sat, Jun 07, 2025 at 01:31:07AM +0300, Mikhail Kshevetskiy wrote:
> The current code has two issues:
> 1) ineffective NULL pointer check
>
>     str = strchr(str, '\0') + 1
>     if (!str || ...
>
> The str here will never be NULL (because we add 1 to the result of strchr())
>
> 2) strchr() may go out of the buffer for the special forms of name variable.
> It's better to use the memchr() function here.
>
> According to the code the property is a sequence of C-strings like
> shown below:
>
> 'h', 'e', 'l', 'l', 'o', '\0', 'w', 'o', 'r', 'l', 'd', '\0', '!', '\0'
>
> index is the string number we are interested in, so
>
> index = 0 => "hello",
> index = 1 => "world",
> index = 2 => "!"
>
> The issue will arise if the last string for some reason has no terminating
> '\0' character. This can happen for a damaged or specially crafted dtb.
>
> Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevets...@iopsys.eu>

Thanks for explaining how I was misreading things so badly.

Reviewed-by: Tom Rini <tr...@konsulko.com>

--
Tom
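The bounded lookup the commit message argues for, as an added example that is not part of the patch or of U-Boot's code. The helper name `stringlist_get`, its signature and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (hypothetical helper, not the U-Boot function being patched).
 * prop/len describe a property holding consecutive NUL-terminated strings.
 * Returns the index-th string, or NULL if index is out of range or a
 * string on the way is not terminated inside the buffer.
 */
const char *stringlist_get(const char *prop, size_t len, int index)
{
	if (!prop || index < 0)
		return NULL;

	const char *p = prop;
	const char *end = prop + len;

	while (p < end) {
		/* Bounded search: never reads past end, unlike strchr(). */
		const char *nul = memchr(p, '\0', (size_t)(end - p));

		if (!nul)
			return NULL;	/* last string lacks its terminator */
		if (index-- == 0)
			return p;
		p = nul + 1;		/* start of the next string */
	}
	return NULL;			/* fewer than index + 1 strings */
}

/* Constructed sample data matching the layout in the commit message. */
static const char good_prop[] = { 'h', 'e', 'l', 'l', 'o', '\0',
				  'w', 'o', 'r', 'l', 'd', '\0', '!', '\0' };
/* Same data with the final terminator missing (damaged or crafted dtb). */
static const char bad_prop[] = { 'h', 'e', 'l', 'l', 'o', '\0',
				 'w', 'o', 'r', 'l', 'd', '\0', '!' };

int main(void)
{
	const char *s = stringlist_get(bad_prop, sizeof(bad_prop), 2);

	printf("%s\n", stringlist_get(good_prop, sizeof(good_prop), 1));
	printf("%s\n", s ? s : "(unterminated, rejected)");
	return 0;
}
```

The NULL check here is on the memchr() result itself, before 1 is added, which is what makes it effective.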