Fix a UB when fdt_get_string return null

When fdt_get_string return null, `namep` is not correctly reset. From the document of `fdt_getprop_by_offset`, the parameter `namep` will be always overwritten (that is, it will be overwritten without exception of error occurance). As for the caller (like https://github.com/topjohnwu/Magisk/blob/e097c097feb881f6097b6d1dc346f310bc92f5d6/native/jni/magiskboot/dtb.cpp#L42), the code may be like: ```cpp size_t size; const char *name; auto *value = fdt_getprop_by_offset(fdt, prop, &name, &size); ``` and if `value == nullptr`, `size` is also be overwritten correctly but `name` is not, which is quite inconsistent. This commit makes sure `name` and `size` behavior consistently (reset to reasonable value) when error occurs. Signed-off-by: LoveSy <shana@zju.edu.cn> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
dgibson · Dec 28, 2021 · c0c2e11 · c0c2e11
1 parent cd5f69c
commit c0c2e11
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c
@@ -481,12 +481,12 @@ const void *fdt_getprop_by_offset(const void *fdt, int offset,
 		if (!can_assume(VALID_INPUT)) {
 			name = fdt_get_string(fdt, fdt32_ld_(&prop->nameoff),
 					      &namelen);
+			*namep = name;
 			if (!name) {
 				if (lenp)
 					*lenp = namelen;
 				return NULL;
 			}
-			*namep = name;
 		} else {
 			*namep = fdt_string(fdt, fdt32_ld_(&prop->nameoff));
 		}