On Mon, 23 Feb 2026 13:40:04 -0700, James Hilliard wrote:
> boot_get_fdt_fit_into_buffer() calls fdt_open_into() for both the
> base FDT and overlay DTO blobs loaded from a FIT image.
>
> Those blobs come from FIT payload data. In the overlay path,
> fit_image_load() is called with FIT_LOAD_IGNORED, so the IH_TYPE_FLATDT
> header check in fit_image_load() is skipped. This leaves fdt_open_into()
> to consume header-derived offsets/sizes from unvalidated input.
>
> [...]
Applied to u-boot/master, thanks!
[1/1] boot: fit: validate FDT/DTO payload before fdt_open_into()
commit: 0b2939464feef001e4d4b69578f29a7a4d572fcd
--
Tom
