Apply GCC's tainted_args attribute to library entrypoints
The implementation applies `__attribute__((tainted_args))` by
integrating it into the existing ABI macro annotations.
In the process, quite a number of APIs were discovered to be unsafe in
ways that were not immediately fixable. Often this is because they lack
arguments that enable the appropriate bounds-checking to be applied.
Redesigning them is work beyond the scope of the immediate
effort. Instead, we also introduce a new annotation,
LIBPLDM_ABI_DEPRECATED_UNSAFE, that simply lacks
`__attribute__((tainted_args))` and therefore doesn't trigger the extra
analysis.
Change-Id: Ib8994eaa3907a5432d040426ad03687cbf4c2136
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/oem/ibm/file_io.c b/src/oem/ibm/file_io.c
index 71acf72..d8960fa 100644
--- a/src/oem/ibm/file_io.c
+++ b/src/oem/ibm/file_io.c
@@ -135,13 +135,14 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int encode_get_file_table_resp(uint8_t instance_id, uint8_t completion_code,
uint32_t next_transfer_handle,
uint8_t transfer_flag, const uint8_t *table_data,
size_t table_size, struct pldm_msg *msg)
{
- if (msg == NULL) {
+ if ((completion_code == PLDM_SUCCESS && table_data == NULL) ||
+ msg == NULL) {
return PLDM_ERROR_INVALID_LENGTH;
}
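Review bot: the new `table_data == NULL` test at the top of encode_get_file_table_resp() does not look at `table_size`, so a PLDM_SUCCESS response with an empty table (NULL pointer, size 0) is now rejected. It is also reported as PLDM_ERROR_INVALID_LENGTH, which does not describe a NULL pointer. Consider rejecting NULL only when `table_size` is non-zero, or document that `table_data` must be non-NULL on success, and say in the commit or the function's documentation that existing callers can now get an error where they did not before. Separately, since the annotation changes to LIBPLDM_ABI_DEPRECATED_UNSAFE, a one-line comment above the function saying what makes it unsafe would help callers choose a replacement: the signature carries no length for `msg`, so the write of `table_size` bytes into it cannot be bounds-checked.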