Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / libcper / 12dbd4fd4fd341e83ce31f6af710dbc211fb47fd^! / . / sections / cper-section-memory.c
commit12dbd4fd4fd341e83ce31f6af710dbc211fb47fd[log] [tgz]
authorEd Tanous <etanous@nvidia.com>Sat Mar 08 19:05:01 2025 -0800
committerEd Tanous <ed@tanous.net>Tue Mar 18 22:55:13 2025 +0000
tree780a2a5f83da4390987304fa30dbb13bb4c83aa5
parentd759a18bd3b74811b3a0c3f21cda0378ea02c5d6 [diff] [blame]
Fix range check bugs

This is a patch hunting for fuzzing failures and adding
appropriate range checks.


Change-Id: Ieae02b7e461b9a6c5e25de6c663a768f7a0d5e10
Signed-off-by: Ed Tanous <etanous@nvidia.com>

diff --git a/sections/cper-section-memory.c b/sections/cper-section-memory.c
index c5a2094..b58bf82 100644
--- a/sections/cper-section-memory.c
+++ b/sections/cper-section-memory.c

@@ -11,8 +11,13 @@
 #include <libcper/sections/cper-section-memory.h>
 
 //Converts a single memory error CPER section into JSON IR.
-json_object *cper_section_platform_memory_to_ir(const void *section)
+json_object *cper_section_platform_memory_to_ir(const UINT8 *section,
+						UINT32 size)
 {
+	if (size < sizeof(EFI_PLATFORM_MEMORY_ERROR_DATA)) {
+		return NULL;
+	}
+
 	EFI_PLATFORM_MEMORY_ERROR_DATA *memory_error =
 		(EFI_PLATFORM_MEMORY_ERROR_DATA *)section;
 	json_object *section_ir = json_object_new_object();
@@ -166,8 +171,13 @@
 }
 
 //Converts a single memory error 2 CPER section into JSON IR.
-json_object *cper_section_platform_memory2_to_ir(const void *section)
+json_object *cper_section_platform_memory2_to_ir(const UINT8 *section,
+						 UINT32 size)
 {
+	if (size < sizeof(EFI_PLATFORM_MEMORY2_ERROR_DATA)) {
+		return NULL;
+	}
+
 	EFI_PLATFORM_MEMORY2_ERROR_DATA *memory_error =
 		(EFI_PLATFORM_MEMORY2_ERROR_DATA *)section;
 	json_object *section_ir = json_object_new_object();