common/spl: Revert fix potential out of buffer access in spl_fit_get_image_name function

The change in commit 3704b888a4ca ("common/spl: fix potential out of buffer
access in spl_fit_get_image_name function") led to function
spl_fit_get_image_name() no longer detecting if a property does not exist
at a non-zero buffer.

Link: https://lore.kernel.org/u-boot/38f5d078-3328-4bdb-9c95-4fb5fe89ddc2@gmx.de/T/#m59f3a23e675daa992c28d12236de71cae2ca2bb9
Fixes: 3704b888a4ca ("common/spl: fix potential out of buffer access in spl_fit_get_image_name function")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: E Shattow <e@freeshell.de>

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index b3824af..e250c11 100644 (file)
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -86,12 +86,11 @@ static int spl_fit_get_image_name(const struct spl_fit_info *ctx,
 
        str = name;
        for (i = 0; i < index; i++) {
-               str = memchr(str, '\0', name + len - str);
-               if (!str) {
+               str = strchr(str, '\0') + 1;
+               if (!str || (str - name >= len)) {
                        found = false;
                        break;
                }
-               str++;
        }
 
        if (!found && CONFIG_IS_ENABLED(SYSINFO) && !sysinfo_get(&sysinfo)) {