:: commit a758e57880bfd358b3443e6f705725ea25337f78

Mintsuki <mintsuki@protonmail.com> — 2026-04-02 18:18

parents: b84876aed7

lib/misc: Check for overflow in DTB reallocation size

diff --git a/common/lib/misc.c b/common/lib/misc.c
index 58c2bd3d..408df43a 100644
--- a/common/lib/misc.c
+++ b/common/lib/misc.c
@@ -170,9 +170,11 @@ void *get_device_tree_blob(const char *config, size_t extra_size) {
     if (dtb) {
         printv("dtb: dtb has size %X\n", (uint64_t)size);
 
-        void *new_tab = ext_mem_alloc(size + extra_size);
+        size_t new_size = CHECKED_ADD(size, extra_size,
+            panic(true, "dtb: size overflow"));
+        void *new_tab = ext_mem_alloc(new_size);
 
-        ret = fdt_open_into(dtb, new_tab, size + extra_size);
+        ret = fdt_open_into(dtb, new_tab, new_size);
         if (ret < 0) {
             panic(true, "dtb: failed to resize new DTB");
         }
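Review bot: The new `CHECKED_ADD` guards only against `size_t` wraparound, but `new_size` is then passed to `fdt_open_into`, whose buffer-size parameter is an `int` in upstream libfdt, so a sum above `INT_MAX` would still be narrowed at that call. The allocation itself is made with the full `new_size`, so this looks like it fails safe, probably ending in the "failed to resize new DTB" panic, but the reported cause would be misleading and the outcome depends on the narrowing conversion. If the bundled libfdt keeps that signature, consider bounding the value before allocating, e.g. `if (new_size > INT_MAX) panic(true, "dtb: size overflow");`. The declaration of `size` and the definition of `CHECKED_ADD` are outside this hunk, so it is worth confirming that the addition is evaluated in `size_t` rather than a wider type that is truncated on assignment; the body of `get_device_tree_blob` also continues beyond the hunk.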