Rework guid for fuzzing
There's a lot of places we do guid comparisons against lists of known
guids. Break these out into helper functions to help not duplicate the
fuzzing logic in a lot of places, and allow us to fuzz these places
appropriately.
Change-Id: I76c79cd62ccc95feb2609d5098db546f740711e1
Signed-off-by: Ed Tanous <etanous@nvidia.com>
diff --git a/cper-parse.c b/cper-parse.c
index 12eb464..e7cde0d 100644
--- a/cper-parse.c
+++ b/cper-parse.c
@@ -237,43 +237,33 @@
//Add the human readable notification type if possible.
const char *notification_type_readable = "Unknown";
- if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeCmcGuid)) {
- notification_type_readable = "CMC";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeCpeGuid)) {
- notification_type_readable = "CPE";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeMceGuid)) {
- notification_type_readable = "MCE";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypePcieGuid)) {
- notification_type_readable = "PCIe";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeInitGuid)) {
- notification_type_readable = "INIT";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeNmiGuid)) {
- notification_type_readable = "NMI";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeBootGuid)) {
- notification_type_readable = "Boot";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeDmarGuid)) {
- notification_type_readable = "DMAr";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeSeaGuid)) {
- notification_type_readable = "SEA";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeSeiGuid)) {
- notification_type_readable = "SEI";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypePeiGuid)) {
- notification_type_readable = "PEI";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeCxlGuid)) {
- notification_type_readable = "CXL Component";
+
+ EFI_GUID *guids[] = {
+ &gEfiEventNotificationTypeCmcGuid,
+ &gEfiEventNotificationTypeCpeGuid,
+ &gEfiEventNotificationTypeMceGuid,
+ &gEfiEventNotificationTypePcieGuid,
+ &gEfiEventNotificationTypeInitGuid,
+ &gEfiEventNotificationTypeNmiGuid,
+ &gEfiEventNotificationTypeBootGuid,
+ &gEfiEventNotificationTypeDmarGuid,
+ &gEfiEventNotificationTypeSeaGuid,
+ &gEfiEventNotificationTypeSeiGuid,
+ &gEfiEventNotificationTypePeiGuid,
+ &gEfiEventNotificationTypeCxlGuid,
+ };
+
+ const char *readable_names[] = {
+ "CMC", "CPE", "MCE", "PCIe", "INIT", "NMI",
+ "Boot", "DMAr", "SEA", "SEI", "PEI", "CXL Component"
+ };
+
+ int index = select_guid_from_list(&header->NotificationType, guids,
+ sizeof(guids) / sizeof(EFI_GUID *));
+ if (index < (int)(sizeof(readable_names) / sizeof(char *))) {
+ notification_type_readable = readable_names[index];
}
+
json_object_object_add(
notification_type, "type",
json_object_new_string(notification_type_readable));
@@ -332,13 +322,11 @@
add_guid(section_type, "data", §ion_descriptor->SectionType);
//Readable section type, if possible.
const char *section_type_readable = "Unknown";
- for (size_t i = 0; i < section_definitions_len; i++) {
- if (guid_equal(section_definitions[i].Guid,
- §ion_descriptor->SectionType)) {
- section_type_readable =
- section_definitions[i].ReadableName;
- break;
- }
+
+ CPER_SECTION_DEFINITION *section =
+ select_section_by_guid(§ion_descriptor->SectionType);
+ if (section != NULL) {
+ section_type_readable = section->ReadableName;
}
json_object_object_add(section_type, "type",
@@ -403,6 +391,31 @@
return result;
}
+CPER_SECTION_DEFINITION *select_section_by_guid(EFI_GUID *guid)
+{
+ size_t i = 0;
+ for (; i < section_definitions_len; i++) {
+ if (guid_equal(guid, section_definitions[i].Guid)) {
+ break;
+ }
+ }
+ // It's unlikely fuzzing can reliably come up with a correct guid, given how
+ // much entropy there is. If we're in fuzzing mode, and if we haven't found
+ // a match, try to force a match so we get some coverage. Note, we still
+ // want coverage of the section failed to convert code, so treat index ==
+ // size as section failed to convert.
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (i == section_definitions_len) {
+ i = guid->Data1 % (section_definitions_len + 1);
+ }
+#endif
+ if (i < section_definitions_len) {
+ return §ion_definitions[i];
+ }
+
+ return NULL;
+}
+
//Converts the section described by a single given section descriptor.
json_object *cper_buf_section_to_ir(const void *cper_section_buf, size_t size,
EFI_ERROR_SECTION_DESCRIPTOR *descriptor)
@@ -416,36 +429,13 @@
json_object *result = NULL;
json_object *section_ir = NULL;
- for (size_t i = 0; i < section_definitions_len; i++) {
- if (!guid_equal(section_definitions[i].Guid,
- &descriptor->SectionType)) {
- continue;
- }
- result = read_section(cper_section_buf, size,
- §ion_definitions[i]);
- break;
+ CPER_SECTION_DEFINITION *section =
+ select_section_by_guid(&descriptor->SectionType);
+ if (section != NULL) {
+ result = read_section(cper_section_buf, size, section);
}
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- // It's unlikely fuzzing can reliably come up with a correct guid, given how
- // much entropy there is. If we're in fuzzing mode, and if we haven't found
- // a match, try to force a match so we get some coverage. Note, we still
- // want coverage of the section failed to convert code, so treat index ==
- // size as section failed to convert.
- if (result == NULL) {
- unsigned char index = 0;
- if (index > 0) {
- index = descriptor->SectionType.Data1 %
- section_definitions_len;
- }
- if (index < section_definitions_len) {
- result = read_section(cper_section_buf, size,
- §ion_definitions[index]);
- }
- }
-#endif
-
//Was it an unknown GUID/failed read?
if (result == NULL) {
//Output the data as formatted base64.
diff --git a/cper-utils.c b/cper-utils.c
index c37796d..ffc8ded 100644
--- a/cper-utils.c
+++ b/cper-utils.c
@@ -432,6 +432,28 @@
return 1;
}
+int select_guid_from_list(EFI_GUID *guid, EFI_GUID *guid_list[], int len)
+{
+ int i = 0;
+ for (; i < len; i++) {
+ if (guid_equal(guid, guid_list[i])) {
+ break;
+ }
+ }
+ // It's unlikely fuzzing can reliably come up with a correct guid, given how
+ // much entropy there is. If we're in fuzzing mode, and if we haven't found
+ // a match, try to force a match so we get some coverage. Note, we still
+ // want coverage of the section failed to convert code, so treat index ==
+ // size as section failed to convert.
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (i == len) {
+ i = guid->Data1 % (len + 1);
+ }
+#endif
+
+ return i;
+}
+
void add_untrusted_string(json_object *ir, const char *field_name,
const char *str, int len)
{
diff --git a/include/libcper/cper-utils.h b/include/libcper/cper-utils.h
index e5ec8d4..0231f34 100644
--- a/include/libcper/cper-utils.h
+++ b/include/libcper/cper-utils.h
@@ -60,6 +60,7 @@
int guid_to_string(char *out, size_t out_len, EFI_GUID *guid);
void string_to_guid(EFI_GUID *out, const char *guid);
int guid_equal(EFI_GUID *a, EFI_GUID *b);
+int select_guid_from_list(EFI_GUID *guid, EFI_GUID *guid_list[], int len);
void add_untrusted_string(json_object *ir, const char *field_name,
const char *str, int len);
diff --git a/include/libcper/sections/cper-section.h b/include/libcper/sections/cper-section.h
index 1945b1b..41f9397 100644
--- a/include/libcper/sections/cper-section.h
+++ b/include/libcper/sections/cper-section.h
@@ -22,6 +22,8 @@
extern CPER_SECTION_DEFINITION section_definitions[];
extern const size_t section_definitions_len;
+CPER_SECTION_DEFINITION *select_section_by_guid(EFI_GUID *guid);
+
#ifdef __cplusplus
}
#endif
diff --git a/ir-parse.c b/ir-parse.c
index 34cc085..e599b68 100644
--- a/ir-parse.c
+++ b/ir-parse.c
@@ -174,16 +174,12 @@
//Find the correct section type, and parse.
int section_converted = 0;
- for (size_t i = 0; i < section_definitions_len; i++) {
- if (guid_equal(section_definitions[i].Guid,
- &descriptor->SectionType) &&
- section_definitions[i].ToCPER != NULL) {
- ir = json_object_object_get(
- section, section_definitions[i].ShortName);
- section_definitions[i].ToCPER(ir, out);
- section_converted = 1;
- break;
- }
+ CPER_SECTION_DEFINITION *definition =
+ select_section_by_guid(&descriptor->SectionType);
+ if (definition != NULL) {
+ ir = json_object_object_get(section, definition->ShortName);
+ definition->ToCPER(ir, out);
+ section_converted = 1;
}
//If unknown GUID, so read as a base64 unknown section.
diff --git a/sections/cper-section-ia32x64.c b/sections/cper-section-ia32x64.c
index c04bed1..fe3acca 100644
--- a/sections/cper-section-ia32x64.c
+++ b/sections/cper-section-ia32x64.c
@@ -143,6 +143,13 @@
return record_ir;
}
+EFI_GUID *gEfiIa32x64ErrorTypeGuids[] = {
+ &gEfiIa32x64ErrorTypeCacheCheckGuid,
+ &gEfiIa32x64ErrorTypeTlbCheckGuid,
+ &gEfiIa32x64ErrorTypeBusCheckGuid,
+ &gEfiIa32x64ErrorTypeMsCheckGuid,
+};
+
//Converts a single IA32/x64 processor error info block into JSON IR format.
json_object *cper_ia32x64_processor_error_info_to_ir(
EFI_IA32_X64_PROCESS_ERROR_INFO *error_info)
@@ -155,19 +162,22 @@
//Get the error structure type as a readable string.
const char *readable_type = "Unknown";
- if (guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeCacheCheckGuid)) {
- readable_type = "Cache Check Error";
- } else if (guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeTlbCheckGuid)) {
- readable_type = "TLB Check Error";
- } else if (guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeBusCheckGuid)) {
- readable_type = "Bus Check Error";
- } else if (guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeMsCheckGuid)) {
- readable_type = "MS Check Error";
+
+ const char *readable_names[] = {
+ "Cache Check Error",
+ "TLB Check Error",
+ "Bus Check Error",
+ "MS Check Error",
+ };
+
+ int index = select_guid_from_list(
+ &error_info->ErrorType, gEfiIa32x64ErrorTypeGuids,
+ sizeof(gEfiIa32x64ErrorTypeGuids) / sizeof(EFI_GUID *));
+
+ if (index < (int)(sizeof(readable_names) / sizeof(char *))) {
+ readable_type = readable_names[index];
}
+
json_object_object_add(type, "name",
json_object_new_string(readable_type));
json_object_object_add(error_info_ir, "type", type);
@@ -180,28 +190,30 @@
//Cache and TLB check information are identical, so can be equated.
if (isvalid_prop_to_ir(&ui64Type, 0)) {
json_object *check_information = NULL;
- if (guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeCacheCheckGuid) ||
- guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeTlbCheckGuid)) {
+
+ switch (index) {
+ case 0:
+ case 1:
check_information = cper_ia32x64_cache_tlb_check_to_ir(
(EFI_IA32_X64_CACHE_CHECK_INFO *)&error_info
->CheckInfo);
- } else if (guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeBusCheckGuid)) {
+ break;
+ case 2:
check_information = cper_ia32x64_bus_check_to_ir(
(EFI_IA32_X64_BUS_CHECK_INFO *)&error_info
->CheckInfo);
- } else if (guid_equal(&error_info->ErrorType,
- &gEfiIa32x64ErrorTypeMsCheckGuid)) {
+ break;
+ case 3:
check_information = cper_ia32x64_ms_check_to_ir(
(EFI_IA32_X64_MS_CHECK_INFO *)&error_info
->CheckInfo);
-
- } else {
+ break;
+ default:
//Unknown check information.
printf("WARN: Invalid/unknown check information GUID found in IA32/x64 CPER section. Ignoring.\n");
+ break;
}
+
json_object_object_add(error_info_ir, "checkInfo",
check_information);
}
@@ -763,26 +775,35 @@
//Check information, parsed based on the error type.
if (json_object_object_get_ex(error_info, "checkInfo", &obj)) {
json_object *check_info = obj;
- if (guid_equal(&error_info_cper->ErrorType,
- &gEfiIa32x64ErrorTypeCacheCheckGuid) ||
- guid_equal(&error_info_cper->ErrorType,
- &gEfiIa32x64ErrorTypeTlbCheckGuid)) {
+
+ int index = select_guid_from_list(
+ &error_info_cper->ErrorType, gEfiIa32x64ErrorTypeGuids,
+ sizeof(gEfiIa32x64ErrorTypeGuids) / sizeof(EFI_GUID *));
+
+ switch (index) {
+ case 0:
+ case 1:
ir_ia32x64_cache_tlb_check_error_to_cper(
check_info,
(EFI_IA32_X64_CACHE_CHECK_INFO
*)&error_info_cper->CheckInfo);
- } else if (guid_equal(&error_info_cper->ErrorType,
- &gEfiIa32x64ErrorTypeBusCheckGuid)) {
+ break;
+ case 2:
ir_ia32x64_bus_check_error_to_cper(
check_info,
(EFI_IA32_X64_BUS_CHECK_INFO *)&error_info_cper
->CheckInfo);
- } else if (guid_equal(&error_info_cper->ErrorType,
- &gEfiIa32x64ErrorTypeMsCheckGuid)) {
+ break;
+ case 3:
ir_ia32x64_ms_check_error_to_cper(
check_info,
(EFI_IA32_X64_MS_CHECK_INFO *)&error_info_cper
->CheckInfo);
+ break;
+ default:
+ //Unknown check information.
+ printf("WARN: Invalid/unknown check information GUID found in IA32/x64 CPER section. Ignoring.\n");
+ break;
}
add_to_valid_bitfield(&ui64Type, 0);
}