--- zzzz-none-000/linux-5.4.213/scripts/dtc/libfdt/fdt.c 2022-09-15 10:04:56.000000000 +0000
+++ miami-7690-761/linux-5.4.213/scripts/dtc/libfdt/fdt.c 2024-05-29 11:20:02.000000000 +0000
@@ -51,6 +51,33 @@
 return 1;
 }
 
+#if defined(CONFIG_AVM_ENHANCED)
+static inline int check_and_correct_fdt_urlader_quirk(uint32_t hdrsize, void *fdt)
+{
+ int ret = 1;
+ if (!check_block_(hdrsize, fdt_totalsize(fdt),
+ fdt_off_dt_struct(fdt),
+ fdt_size_dt_struct(fdt))) {
+ /*
+ * on some older urlader versions these values were writen in LE instead of BE,
+ * so write them again without the conversion from expected BE to LE and check again
+ */
+ fdt_set_size_dt_strings(fdt, ((struct fdt_header *)(fdt))->size_dt_strings);
+ fdt_set_size_dt_struct(fdt, ((struct fdt_header *)(fdt))->size_dt_struct);
+ ret = check_block_(hdrsize, fdt_totalsize(fdt),
+ fdt_off_dt_struct(fdt),
+ fdt_size_dt_struct(fdt));
+ }
+
+ return ret;
+}
+#else
+#define check_and_correct_fdt_urlader_quirk(hdrsize, fdt) check_block_(hdrsize, fdt_totalsize(fdt), \
+ fdt_off_dt_struct(fdt), \
+ fdt_size_dt_struct(fdt))
+#endif
+
+
 size_t fdt_header_size_(uint32_t version)
 {
 if (version <= 1)
@@ -92,10 +119,8 @@
 fdt_off_dt_struct(fdt)))
 return -FDT_ERR_TRUNCATED;
 } else {
- if (!check_block_(hdrsize, fdt_totalsize(fdt),
- fdt_off_dt_struct(fdt),
- fdt_size_dt_struct(fdt)))
- return -FDT_ERR_TRUNCATED;
+ if (!check_and_correct_fdt_urlader_quirk(hdrsize, (void*)fdt))
+ return -FDT_ERR_TRUNCATED;
 }
 
 /* Bounds check strings block */
@@ -115,7 +140,15 @@
 || (absoffset + len) > fdt_totalsize(fdt))
 return NULL;
 
- if (fdt_version(fdt) >= 0x11)
+ if (fdt_version(fdt) >= 0x11
+#ifdef CONFIG_OF_AVM_DT
+ /* In case the dt was build in v17 but without offset
+ * information, we verify that the offset contains a non
+ * zero value.
+ */
+ && fdt_size_dt_struct(fdt)
+#endif
+ )
 if (((offset + len) < offset)
 || ((offset + len) > fdt_size_dt_struct(fdt)))
 return NULL;
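Review bot: In check_and_correct_fdt_urlader_quirk (hunk at -51,6 +51,33), a failed first check rewrites size_dt_strings and size_dt_struct in the blob, and those rewritten values stay in place even when the second check_block_() fails as well. Any malformed blob, not only one produced by an old urlader, therefore leaves this check with a modified header, which makes the rejected input harder to diagnose or compare against its source. Saving the two raw fields and restoring them on the failure path limits the correction to blobs that actually validate afterwards. The existing comment could also state that size_dt_strings is only verified later by the caller, since this helper re-checks the struct block alone.

```c
static inline int check_and_correct_fdt_urlader_quirk(uint32_t hdrsize, void *fdt)
{
	struct fdt_header *hdr = fdt;
	fdt32_t saved_strings = hdr->size_dt_strings;
	fdt32_t saved_struct = hdr->size_dt_struct;

	/* ... unchanged: first check_block_() call; return 1 when it passes ... */
	/* ... unchanged: comment and the two fdt_set_size_dt_*() rewrites ... */
	if (check_block_(hdrsize, fdt_totalsize(fdt),
			 fdt_off_dt_struct(fdt),
			 fdt_size_dt_struct(fdt)))
		return 1;

	/* Not the urlader quirk: hand the header back exactly as received. */
	hdr->size_dt_strings = saved_strings;
	hdr->size_dt_struct = saved_struct;
	return 0;
}
```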
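Review bot: The `(void*)fdt` cast at the call site (hunk at -92,10 +119,8) suggests the enclosing function receives the blob through a const pointer, yet with CONFIG_AVM_ENHANCED the helper may now write two header fields through it. A caller that passes a blob in read-only or shared memory would fault or see the header change underneath it, so it is worth confirming that every caller hands over a writable, privately owned copy. At minimum put a comment above the call, e.g. `/* AVM: may rewrite size_dt_struct/size_dt_strings in place (urlader LE quirk); fdt must be writable */`. The enclosing function starts and ends outside the hunk.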
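Review bot: With CONFIG_OF_AVM_DT the added `&& fdt_size_dt_struct(fdt)` term (hunk at -115,7 +140,15) switches off the struct-block bound whenever a v17 header carries size_dt_struct == 0, leaving only the totalsize test above to limit offset + len. That field is read from the blob itself, so any input with a zero there gets the weaker check and an access can land outside the structure block. If such trees must be accepted, consider limiting the relaxation to the boot-loader-supplied tree or bounding by a derived limit, and say so in the comment, e.g. `/* size_dt_struct == 0: struct bound skipped, only totalsize limits the access */`. Note also that the first hunk guards with CONFIG_AVM_ENHANCED while this one uses CONFIG_OF_AVM_DT; if both quirks belong to the same boot loader, a shared symbol would keep them from drifting apart. The enclosing function starts and ends outside the hunk.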