On Wed, 06 May 2026 10:55:33 -0400, Raymond Mao wrote:
> Coverity Scan defects are observed in fdtdec_apply_bloblist_dtos(),
> since the live FDT taken from the bloblist is passed to libfdt helpers
> which consume header size/offset fields:
> - fdt_open_into()
> - fdt_pack()
>
> Validate the bloblist FDT with fdt_check_full() before calling
> fdt_open_into() and again after applying overlays before calling
> fdt_pack(). This makes the libfdt consumers operate on a checked FDT
> blob while keeping the existing flow unchanged.
>
> [...]
Applied to u-boot/master, thanks!
[1/1] lib: fdtdec: validate bloblist FDT before consuming libfdt size
commit: 0a31d3128ee6928d7eac5b830ef79d0a27e3f0a7
--
Tom
