Rework guid for fuzzing
There's a lot of places we do guid comparisons against lists of known
guids. Break these out into helper functions to help not duplicate the
fuzzing logic in a lot of places, and allow us to fuzz these places
appropriately.
Change-Id: I76c79cd62ccc95feb2609d5098db546f740711e1
Signed-off-by: Ed Tanous <etanous@nvidia.com>
diff --git a/cper-parse.c b/cper-parse.c
index 12eb464..e7cde0d 100644
--- a/cper-parse.c
+++ b/cper-parse.c
@@ -237,43 +237,33 @@
//Add the human readable notification type if possible.
const char *notification_type_readable = "Unknown";
- if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeCmcGuid)) {
- notification_type_readable = "CMC";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeCpeGuid)) {
- notification_type_readable = "CPE";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeMceGuid)) {
- notification_type_readable = "MCE";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypePcieGuid)) {
- notification_type_readable = "PCIe";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeInitGuid)) {
- notification_type_readable = "INIT";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeNmiGuid)) {
- notification_type_readable = "NMI";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeBootGuid)) {
- notification_type_readable = "Boot";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeDmarGuid)) {
- notification_type_readable = "DMAr";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeSeaGuid)) {
- notification_type_readable = "SEA";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeSeiGuid)) {
- notification_type_readable = "SEI";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypePeiGuid)) {
- notification_type_readable = "PEI";
- } else if (guid_equal(&header->NotificationType,
- &gEfiEventNotificationTypeCxlGuid)) {
- notification_type_readable = "CXL Component";
+
+ EFI_GUID *guids[] = {
+ &gEfiEventNotificationTypeCmcGuid,
+ &gEfiEventNotificationTypeCpeGuid,
+ &gEfiEventNotificationTypeMceGuid,
+ &gEfiEventNotificationTypePcieGuid,
+ &gEfiEventNotificationTypeInitGuid,
+ &gEfiEventNotificationTypeNmiGuid,
+ &gEfiEventNotificationTypeBootGuid,
+ &gEfiEventNotificationTypeDmarGuid,
+ &gEfiEventNotificationTypeSeaGuid,
+ &gEfiEventNotificationTypeSeiGuid,
+ &gEfiEventNotificationTypePeiGuid,
+ &gEfiEventNotificationTypeCxlGuid,
+ };
+
+ const char *readable_names[] = {
+ "CMC", "CPE", "MCE", "PCIe", "INIT", "NMI",
+ "Boot", "DMAr", "SEA", "SEI", "PEI", "CXL Component"
+ };
+
+ int index = select_guid_from_list(&header->NotificationType, guids,
+ sizeof(guids) / sizeof(EFI_GUID *));
+ if (index < (int)(sizeof(readable_names) / sizeof(char *))) {
+ notification_type_readable = readable_names[index];
}
+
json_object_object_add(
notification_type, "type",
json_object_new_string(notification_type_readable));
@@ -332,13 +322,11 @@
add_guid(section_type, "data", §ion_descriptor->SectionType);
//Readable section type, if possible.
const char *section_type_readable = "Unknown";
- for (size_t i = 0; i < section_definitions_len; i++) {
- if (guid_equal(section_definitions[i].Guid,
- §ion_descriptor->SectionType)) {
- section_type_readable =
- section_definitions[i].ReadableName;
- break;
- }
+
+ CPER_SECTION_DEFINITION *section =
+ select_section_by_guid(§ion_descriptor->SectionType);
+ if (section != NULL) {
+ section_type_readable = section->ReadableName;
}
json_object_object_add(section_type, "type",
@@ -403,6 +391,31 @@
return result;
}
+CPER_SECTION_DEFINITION *select_section_by_guid(EFI_GUID *guid)
+{
+ size_t i = 0;
+ for (; i < section_definitions_len; i++) {
+ if (guid_equal(guid, section_definitions[i].Guid)) {
+ break;
+ }
+ }
+ // It's unlikely fuzzing can reliably come up with a correct guid, given how
+ // much entropy there is. If we're in fuzzing mode, and if we haven't found
+ // a match, try to force a match so we get some coverage. Note, we still
+ // want coverage of the section failed to convert code, so treat index ==
+ // size as section failed to convert.
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (i == section_definitions_len) {
+ i = guid->Data1 % (section_definitions_len + 1);
+ }
+#endif
+ if (i < section_definitions_len) {
+ return §ion_definitions[i];
+ }
+
+ return NULL;
+}
+
//Converts the section described by a single given section descriptor.
json_object *cper_buf_section_to_ir(const void *cper_section_buf, size_t size,
EFI_ERROR_SECTION_DESCRIPTOR *descriptor)
@@ -416,36 +429,13 @@
json_object *result = NULL;
json_object *section_ir = NULL;
- for (size_t i = 0; i < section_definitions_len; i++) {
- if (!guid_equal(section_definitions[i].Guid,
- &descriptor->SectionType)) {
- continue;
- }
- result = read_section(cper_section_buf, size,
- §ion_definitions[i]);
- break;
+ CPER_SECTION_DEFINITION *section =
+ select_section_by_guid(&descriptor->SectionType);
+ if (section != NULL) {
+ result = read_section(cper_section_buf, size, section);
}
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- // It's unlikely fuzzing can reliably come up with a correct guid, given how
- // much entropy there is. If we're in fuzzing mode, and if we haven't found
- // a match, try to force a match so we get some coverage. Note, we still
- // want coverage of the section failed to convert code, so treat index ==
- // size as section failed to convert.
- if (result == NULL) {
- unsigned char index = 0;
- if (index > 0) {
- index = descriptor->SectionType.Data1 %
- section_definitions_len;
- }
- if (index < section_definitions_len) {
- result = read_section(cper_section_buf, size,
- §ion_definitions[index]);
- }
- }
-#endif
-
//Was it an unknown GUID/failed read?
if (result == NULL) {
//Output the data as formatted base64.