Fix a UB when fdt_get_string return null

yujincheng08 · dgibson · commit c0c2e115f82e · 2021-12-28T20:11:11.000+11:00
When fdt_get_string return null, `namep` is not correctly reset. From the document of `fdt_getprop_by_offset`, the parameter `namep` will be always overwritten (that is, it will be overwritten without exception of error occurance). As for the caller (like https://github.com/topjohnwu/Magisk/blob/e097c097feb881f6097b6d1dc346f310bc92f5d6/native/jni/magiskboot/dtb.cpp#L42), the code may be like: ```cpp size_t size; const char *name; auto *value = fdt_getprop_by_offset(fdt, prop, &name, &size); ``` and if `value == nullptr`, `size` is also be overwritten correctly but `name` is not, which is quite inconsistent. This commit makes sure `name` and `size` behavior consistently (reset to reasonable value) when error occurs. Signed-off-by: LoveSy <shana@zju.edu.cn> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c
@@ -481,12 +481,12 @@ const void *fdt_getprop_by_offset(const void *fdt, int offset,
 		if (!can_assume(VALID_INPUT)) {
 			name = fdt_get_string(fdt, fdt32_ld_(&prop->nameoff),
 					      &namelen);
+			*namep = name;
 			if (!name) {
 				if (lenp)
 					*lenp = namelen;
 				return NULL;
 			}
-			*namep = name;
 		} else {
 			*namep = fdt_string(fdt, fdt32_ld_(&prop->nameoff));
 		}

Original file line number	Diff line number	Diff line change
`@@ -481,12 +481,12 @@ const void fdt_getprop_by_offset(const void fdt, int offset,`
`481`	`481`	`if (!can_assume(VALID_INPUT)) {`
`482`	`482`	`name = fdt_get_string(fdt, fdt32_ld_(&prop->nameoff),`
`483`	`483`	`&namelen);`
	`484`	`+ *namep = name;`
`484`	`485`	`if (!name) {`
`485`	`486`	`if (lenp)`
`486`	`487`	`*lenp = namelen;`
`487`	`488`	`return NULL;`
`488`	`489`	`}`
`489`		`- *namep = name;`
`490`	`490`	`} else {`
`491`	`491`	`*namep = fdt_string(fdt, fdt32_ld_(&prop->nameoff));`
`492`	`492`	`}`