dgibson / dtc

Device Tree Compiler

Fix segmentation fault in check_graph_node and crash in check_graph_child_address #92

Closed jbeisswenger-cetitec closed 1 year ago

jbeisswenger-cetitec commented 1 year ago

check_graph_node() dereferences node->parent without checking whether it is NULL first (i.e. the root node). As a result a segmentation fault occurs for dts files which contain an 'endpoint' node as a direct child of the root node. This type of error can easily happen when a 'remote-endpoint' property is accidentally placed outside the corresponding endpoint and port nodes.

Minimal example with 'endpoint' node:

/dts-v1/;
/ { endpoint {};  };

Minimal example with remote-endpoint property:

/dts-v1/;
/ {
    foo {
        remote-endpoint = <0xdeadbeef>;
    };
};

While fixing the above issue I ran into an assertion in check_graph_child_address which can be triggered with the following example:

/dts-v1/;
/ {
    bar: bar {
        port {
            bar_con: endpoint {
                remote-endpoint = <&foo_con>;
            };
        };
    };
    foo {
        port {
            #address-cells = <1>;
            #size-cells = <1>; // should always be 0
            foo_con: endpoint@1 {
                reg = <1 2>; // causes assertion failure instead of diagnostic
                remote-endpoint = <&bar_con>;
            };
        };
    };
};

The condition that triggers this issue is actually caught by check_graph_port(); however, check_graph_child_address() runs first, hiding the warning.
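The root-level failure mode described above, as an added example that is not part of the original post and is not dtc's own code: a simplified model of a check that tags the parent of a graph port, with the NULL-parent guard that turns the two minimal inputs into a reportable result. The names struct node, mark_graph_port, check_child and the result enum are hypothetical, and the trees are constructed in memory instead of being parsed from a dts file.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a device tree node (assumption, not dtc's struct node). */
struct node {
    const char *name;
    struct node *parent;     /* NULL only for the root node */
    struct node *children;   /* first child */
    struct node *next;       /* next sibling */
    int has_remote_endpoint; /* models a 'remote-endpoint' property */
    int is_ports;            /* set on the parent of a graph port */
};

enum graph_result { GRAPH_NONE, GRAPH_MARKED, GRAPH_BAD_ROOT };
/* Treat 'node' as a graph port if a child looks like an endpoint, then tag its parent. */
enum graph_result mark_graph_port(struct node *node)
{
    for (struct node *c = node->children; c; c = c->next) {
        if (strncmp(c->name, "endpoint", 8) != 0 && !c->has_remote_endpoint)
            continue;
        if (node->parent == NULL)   /* root has no parent: report, do not dereference */
            return GRAPH_BAD_ROOT;
        node->parent->is_ports = 1; /* safe only because of the check above */
        return GRAPH_MARKED;
    }
    return GRAPH_NONE;
}

/* Constructed trees: the child sits directly under "/" (at_root) or under "/dev/port". */
enum graph_result check_child(const char *name, int remote_endpoint, int at_root)
{
    struct node root = { .name = "" };
    struct node dev = { .name = "dev", .parent = &root };
    struct node port = { .name = "port", .parent = &dev };
    struct node *holder = at_root ? &root : &port;
    struct node child = { .name = name, .parent = holder,
                          .has_remote_endpoint = remote_endpoint };
    root.children = at_root ? &child : &dev;
    dev.children = &port;
    holder->children = &child;
    return mark_graph_port(holder);
}

int main(void)
{
    return !(check_child("endpoint", 0, 1) == GRAPH_BAD_ROOT &&
             check_child("foo", 1, 1) == GRAPH_BAD_ROOT &&
             check_child("endpoint@1", 0, 0) == GRAPH_MARKED);
}
```

Without the `node->parent == NULL` test, both root-level calls would write through a NULL pointer, which is the crash class the report describes for input that a compiler should reject with a diagnostic.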

jbeisswenger-cetitec commented 1 year ago

Rebased onto main.

dgibson commented 1 year ago

Thanks for the update, this looks good now. Merged.