Catch unsigned 32bit overflow when parsing flattened device tree offsets

We have a couple of checks of the form:

    if (offset+size > totalsize)
        die();

We need to check that offset+size doesn't overflow, otherwise the check
will pass, and we may access past totalsize.

Found with AFL.

Signed-off-by: Anton Blanchard <anton@samba.org>
[Added a testcase]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
5 files changed