[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/3] libfdt: fix UBSAN null pointer in fdt_property()

  • To: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Orzel, Michal" <michal.orzel@xxxxxxx>
  • Date: Tue, 26 May 2026 08:22:44 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=gmail.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UkCzIeLvWAh14bJC5YgrJi7rKh2KALBGsS7powMCtXQ=; b=Cs9ffql22BTLbj8GBVCfsJalxYyd5+CJ/0oxc8WEmfp8z82o+CUb/V0nA8W8hufys/snaE4NrgnPPMyVzSLQyjs65oWU+n2h/lcmLb5xR4/PZ5rtPUKWpM3ehkWbdy2VQ2aXROA7cuS4/dfWxckslyFMmSrcRh8DURhvjH0ev9DbNUZljaG8cXRCfbESRZIbItG6P1Sns9WAeW8em3CVGeipl66BRd615qWXIRIXWAQrXzdIZQtYTD+Y/c1zRD02PMzU8MylkU3G7rJuupNSaSKrtv/hQOTrN8nIPuVA1zmX6bVeAwD4cGVZ/MUDFD5may1NcHsDQgVc3YT9WFYChg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ehJHvpXzD7WIvvFuJcG0IYZ8Z1AYGsEH6QqWnKMWzZMsvFnSq07ETFf7XQbpQccI/ppSQgLTivaqlb7kKasI9HL+RN0xjzl4txyCnRkcuLoPQctwd2GBgMKIJoklNfKIQczoiBYzC3oAJa+NjD4+6F/Mcb5d2BCfFU+9anJr7K/o+VGUoMFDpI7YIS4U2N6Th7ONg6puZ8hCmOQNvbgwqQlbkDWl9D6ruVghx3vM+bJumW7lKqdR1Wzb0UMVtyGtIdx6USJBlzaiiOjbIdh2jwPWM0voiDrzlxqnU1ml8EK1YjEyfhjDCddEwHLgsKVxbvifMLDKHqnzLAJt1Hq3Ng==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>, Baptiste Le Duc <baptiste.le-duc@xxxxxxxxxx>
  • Delivery-date: Tue, 26 May 2026 06:23:20 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 25-May-26 15:20, Oleksii Kurochko wrote:
> fdt_property() unconditionally calls memcpy(ptr, val, len) even when
> len is zero and val is NULL.  This is a legitimate calling convention
> for adding empty FDT properties such as "interrupt-controller", which
> carry no payload.
> 
> However, compilers that treat memcpy as nonnull on its pointer arguments
> will fire UBSAN before observing that len is zero.
> 
> Guard the memcpy() with a check on len so it is skipped entirely when
> there is no payload to copy, bringing the code in line with the
> nonnull contract.
> 
> Signed-off-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> Origin: git://git.kernel.org/pub/scm/utils/dtc/dtc.git f57e7df35df4
> 
> Fixes: f0ea06558068 ("libfdt: add version 1.3.0")
> Signed-off-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
> Reviewed-by: Baptiste Le Duc <baptiste.le-duc@xxxxxxxxxx>
Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx>

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.