Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / libcper / 12dbd4fd4fd341e83ce31f6af710dbc211fb47fd^! / . / cper-parse.c
commit12dbd4fd4fd341e83ce31f6af710dbc211fb47fd[log] [tgz]
authorEd Tanous <etanous@nvidia.com>Sat Mar 08 19:05:01 2025 -0800
committerEd Tanous <ed@tanous.net>Tue Mar 18 22:55:13 2025 +0000
tree780a2a5f83da4390987304fa30dbb13bb4c83aa5
parentd759a18bd3b74811b3a0c3f21cda0378ea02c5d6 [diff] [blame]
Fix range check bugs

This is a patch hunting for fuzzing failures and adding
appropriate range checks.


Change-Id: Ieae02b7e461b9a6c5e25de6c663a768f7a0d5e10
Signed-off-by: Ed Tanous <etanous@nvidia.com>

diff --git a/cper-parse.c b/cper-parse.c
index 54f4cde..8b62ef6 100644
--- a/cper-parse.c
+++ b/cper-parse.c

@@ -411,14 +411,15 @@
 	return section_descriptor_ir;
 }
 
-json_object *read_section(const unsigned char *cper_section_buf,
-			  CPER_SECTION_DEFINITION *definition,
-			  json_object **section_ir)
+json_object *read_section(const unsigned char *cper_section_buf, size_t size,
+			  CPER_SECTION_DEFINITION *definition)
 {
-	*section_ir = definition->ToIR(cper_section_buf);
-
+	if (definition->ToIR == NULL) {
+		return NULL;
+	}
+	json_object *section_ir = definition->ToIR(cper_section_buf, size);
 	json_object *result = json_object_new_object();
-	json_object_object_add(result, definition->ShortName, *section_ir);
+	json_object_object_add(result, definition->ShortName, section_ir);
 	return result;
 }
 
@@ -435,15 +436,14 @@
 	json_object *result = NULL;
 
 	json_object *section_ir = NULL;
-	int section_converted = 0;
 	for (size_t i = 0; i < section_definitions_len; i++) {
 		if (!guid_equal(section_definitions[i].Guid,
 				&descriptor->SectionType)) {
 			continue;
 		}
-		result = read_section(cper_section_buf, &section_definitions[i],
-				      &section_ir);
-		section_converted = 1;
+		result = read_section(cper_section_buf, size,
+				      &section_definitions[i]);
+
 		break;
 	}
 
@@ -453,23 +453,21 @@
 	// a match, try to force a match so we get some coverage.  Note, we still
 	// want coverage of the section failed to convert code, so treat index ==
 	// size as section failed to convert.
-	if (!section_converted) {
+	if (result == NULL) {
 		unsigned char index = 0;
 		if (index > 0) {
 			index = descriptor->SectionType.Data1 %
 				section_definitions_len;
 		}
 		if (index < section_definitions_len) {
-			result = read_section(cper_section_buf,
-					      &section_definitions[index],
-					      &section_ir);
-			section_converted = 1;
+			result = read_section(cper_section_buf, size,
+					      &section_definitions[index]);
 		}
 	}
 #endif
 
 	//Was it an unknown GUID/failed read?
-	if (!section_converted) {
+	if (result == NULL) {
 		//Output the data as formatted base64.
 		int32_t encoded_len = 0;
 		char *encoded = base64_encode(cper_section_buf,