Merge cherrypicks of [19524923] into tm-d1-release. Change-Id: I7bc5087a0d83c2438e8bcfb474ed4c94e2e27786

commit: 8c3222fadfed646f53a493e8a7aae3dedba3f9f9 [log] [tgz]
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Thu Aug 18 02:23:43 2022 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Thu Aug 18 02:23:43 2022 +0000
tree: a601ae0aecc78615e5ffc950b6ae5b05d5cc3173
parent: e86d2fc3878a75041a768c53b09e8133e7147daf [diff]
parent: 0a862f61901b3f6866b2f27686a2b63aca4d0a32 [diff]
diff --git a/libfdt/fdt.c b/libfdt/fdt.c
index 3f9cf3e..17ac7d6 100644
--- a/libfdt/fdt.c
+++ b/libfdt/fdt.c

@@ -134,16 +134,20 @@
 
 const void *fdt_offset_ptr(const void *fdt, int offset, unsigned int len)
 {
-	unsigned absoffset = offset + fdt_off_dt_struct(fdt);
+	unsigned int uoffset = offset;
+	unsigned int absoffset = offset + fdt_off_dt_struct(fdt);
+
+	if (offset < 0)
+		return NULL;
 
 	if (!can_assume(VALID_INPUT))
-		if ((absoffset < offset)
+		if ((absoffset < uoffset)
 		    || ((absoffset + len) < absoffset)
 		    || (absoffset + len) > fdt_totalsize(fdt))
 			return NULL;
 
 	if (can_assume(LATEST) || fdt_version(fdt) >= 0x11)
-		if (((offset + len) < offset)
+		if (((uoffset + len) < uoffset)
 		    || ((offset + len) > fdt_size_dt_struct(fdt)))
 			return NULL;
commit	8c3222fadfed646f53a493e8a7aae3dedba3f9f9	[log] [tgz]
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Thu Aug 18 02:23:43 2022 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Thu Aug 18 02:23:43 2022 +0000
tree	a601ae0aecc78615e5ffc950b6ae5b05d5cc3173
parent	e86d2fc3878a75041a768c53b09e8133e7147daf [diff]
parent	0a862f61901b3f6866b2f27686a2b63aca4d0a32 [diff]