Opened on 03/21/21 at 06:59:36

Closed on 03/21/21 at 11:40:25

#4350 closed defect (fixed)

Infinite loop in rtems-fdt.c

Reported by: niteesh Owned by: niteesh
Priority: normal Milestone:
Component: lib Version: 5
Severity: normal Keywords:
Cc: Blocked By:
Blocking:

Description

The function rtems_fdt_load in file rtems-fdt.c contains an infinite loop.
https://git.rtems.org/rtems/tree/cpukit/libmisc/rtems-fdt/rtems-fdt.c#n583
The loop termination condition, size is not being decremented in the above line. Instead, the amount of bytes read is being decremented.

This bug is present in RTEMS 6 as well as 5

I have attached a patch below that fixes this.

Attachments (1)

0001-rtems-fdt-rtems-fdt.c-Fix-bug-in-loop-termination.patch (884 bytes) - added by niteesh on 03/21/21 at 07:01:00.

Download all attachments as: .zip

Change History (3)

Changed on 03/21/21 at 07:01:00 by niteesh

Attachment: 0001-rtems-fdt-rtems-fdt.c-Fix-bug-in-loop-termination.patch added

comment:1 Changed on 03/21/21 at 07:02:20 by niteesh

Owner: set to niteesh
Status: newaccepted

comment:2 Changed on 03/21/21 at 11:40:25 by G S Niteesh Babu <niteesh.gs@…>

Resolution: fixed
Status: acceptedclosed

In 08f807e/rtems:

rtems-fdt/rtems-fdt.c: Fix bug in loop termination

The while loop, loops infinitely in case of raw FDT data.
The loop condition (size) is not modified during iterations.

Fixes #4350

Note: See TracTickets for help on using tickets.