chore(libfdt): update to v1.7.0 source files

Update libfdt to source files from v1.7.0 release.
Upstream commit:
https://github.com/dgibson/dtc/commit/039a99414e778332d8f9c04cbd3072e1dcc62798

Change-Id: I7e0475d2ddb819691f476e1753d1c899f8d7c278
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>

diff --git a/lib/libfdt/fdt.c b/lib/libfdt/fdt.c
index 9fe7cf4b747dc9d8a27d3c1b8944041569a83437..20c6415b9ced113d9fcce25b69007a6b0f9e68e7 100644 (file)
--- a/lib/libfdt/fdt.c
+++ b/lib/libfdt/fdt.c
@@ -106,7 +106,6 @@ int fdt_check_header(const void *fdt)
        }
        hdrsize = fdt_header_size(fdt);
        if (!can_assume(VALID_DTB)) {
-
                if ((fdt_totalsize(fdt) < hdrsize)
                    || (fdt_totalsize(fdt) > INT_MAX))
                        return -FDT_ERR_TRUNCATED;
@@ -115,9 +114,7 @@ int fdt_check_header(const void *fdt)
                if (!check_off_(hdrsize, fdt_totalsize(fdt),
                                fdt_off_mem_rsvmap(fdt)))
                        return -FDT_ERR_TRUNCATED;
-       }
 
-       if (!can_assume(VALID_DTB)) {
                /* Bounds check structure block */
                if (!can_assume(LATEST) && fdt_version(fdt) < 17) {
                        if (!check_off_(hdrsize, fdt_totalsize(fdt),
@@ -165,7 +162,7 @@ const void *fdt_offset_ptr(const void *fdt, int offset, unsigned int len)
 uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
 {
        const fdt32_t *tagp, *lenp;
-       uint32_t tag;
+       uint32_t tag, len, sum;
        int offset = startoffset;
        const char *p;
 
@@ -191,12 +188,19 @@ uint32_t fdt_next_tag(const void *fdt, int startoffset, int *nextoffset)
                lenp = fdt_offset_ptr(fdt, offset, sizeof(*lenp));
                if (!can_assume(VALID_DTB) && !lenp)
                        return FDT_END; /* premature end */
+
+               len = fdt32_to_cpu(*lenp);
+               sum = len + offset;
+               if (!can_assume(VALID_DTB) &&
+                   (INT_MAX <= sum || sum < (uint32_t) offset))
+                       return FDT_END; /* premature end */
+
                /* skip-name offset, length and value */
-               offset += sizeof(struct fdt_property) - FDT_TAGSIZE
-                       + fdt32_to_cpu(*lenp);
+               offset += sizeof(struct fdt_property) - FDT_TAGSIZE + len;
+
                if (!can_assume(LATEST) &&
-                   fdt_version(fdt) < 0x10 && fdt32_to_cpu(*lenp) >= 8 &&
-                   ((offset - fdt32_to_cpu(*lenp)) % 8) != 0)
+                   fdt_version(fdt) < 0x10 && len >= 8 &&
+                   ((offset - len) % 8) != 0)
                        offset += 4;
                break;