commit 0a4b3f2d907794ae5f40298046824911362d9a50
author Lawrence Tang <lawrence.tang@arm.com> Thu Jul 21 10:40:10 2022 +0100
committer Lawrence Tang <lawrence.tang@arm.com> Thu Jul 21 10:40:10 2022 +0100
tree 67cd098feb8cfcca96ea4e804b6f6e554e36f645
parent e29006a8cb19b1b6a97c2f756f9e3391de5da31c

Fix bugs appearing from fuzzing.

generator/sections/gen-section-cxl-protocol.c

diff --git a/generator/sections/gen-section-cxl-protocol.c b/generator/sections/gen-section-cxl-protocol.c
index 64326f9..85457ce 100644
--- a/generator/sections/gen-section-cxl-protocol.c
+++ b/generator/sections/gen-section-cxl-protocol.c
@@ -45,6 +45,13 @@
     reserved = (UINT32*)(bytes + 112);
     *reserved = 0; //Reserved bytes 112-115.
 
+    //If the device is a host downstream port, serial/capability structure is invalid.
+    if (cxl_agent_type != 0)
+    {
+        for (int i=0; i<68; i++)
+            *(bytes + 40 + i) = 0; //Device serial & capability structure.
+    }
+
     //Set expected values.
     UINT16* dvsec_length_field = (UINT16*)(bytes + 108);
     UINT16* error_log_len_field = (UINT16*)(bytes + 110);

generator/sections/gen-section-dmar.c

diff --git a/generator/sections/gen-section-dmar.c b/generator/sections/gen-section-dmar.c
index d0bbb5e..cb732cc 100644
--- a/generator/sections/gen-section-dmar.c
+++ b/generator/sections/gen-section-dmar.c
@@ -44,6 +44,12 @@
     //Set reserved areas to zero.
     for (int i=0; i<12; i++)
         *(bytes + 36 + i) = 0; //Reserved bytes 36-47.
+    UINT8* fault_record = bytes + 48;
+    UINT32* reserved = (UINT32*)(fault_record);
+    *reserved &= ~0xFFF; //First 12 bits of fault record.
+    reserved = (UINT32*)(fault_record + 10);
+    *reserved &= ~0x1FFF; //Bits 80-92 of fault record.
+    *(fault_record + 15) &= 0x7; //Very last bit of fault record.
 
     //Set return values, exit.
     *location = bytes;
@@ -60,7 +66,7 @@
     
     //Set reserved areas to zero.
     for (int i=0; i<7; i++)
-        *(bytes + 1 + i) + 0; //Reserved bytes 1 to 7.
+        *(bytes + 1 + i) = 0; //Reserved bytes 1 to 7.
     UINT64* reserved = (UINT64*)(bytes + 24);
     *reserved = 0; //Reserved bytes 24-31.
     for (int i=0; i<16; i++)

generator/sections/gen-section-firmware.c

diff --git a/generator/sections/gen-section-firmware.c b/generator/sections/gen-section-firmware.c
index 09c47ff..5b39fa1 100644
--- a/generator/sections/gen-section-firmware.c
+++ b/generator/sections/gen-section-firmware.c
@@ -18,8 +18,8 @@
     UINT8* bytes = generate_random_bytes(size);
     
     //Set reserved areas to zero.
-    for (int i=0; i<7; i++)
-        *(bytes + 2 + i) = 0; //Reserved bytes 2-9.
+    for (int i=0; i<6; i++)
+        *(bytes + 2 + i) = 0; //Reserved bytes 2-7.
 
     //Set expected values.
     *(bytes + 1) = 2; //Revision, referenced version of spec is 2.

generator/sections/gen-section-pci-bus.c

diff --git a/generator/sections/gen-section-pci-bus.c b/generator/sections/gen-section-pci-bus.c
index 9afd9ad..cbe5b81 100644
--- a/generator/sections/gen-section-pci-bus.c
+++ b/generator/sections/gen-section-pci-bus.c
@@ -14,7 +14,7 @@
 size_t generate_section_pci_bus(void** location)
 {
     //Create random bytes.
-    int size = 208;
+    int size = 72;
     UINT8* bytes = generate_random_bytes(size);
     
     //Set reserved areas to zero.