commit 68b51301172639a44127c8213a3e9ca5a646a868
author Andrew Jeffery <andrew@aj.id.au> Wed Jun 28 21:29:42 2023 +0930
committer Andrew Jeffery <andrew@aj.id.au> Wed Jul 05 20:30:51 2023 +0930
tree d074f5626d4b57a1f0175944c3a4f3a45ef78fa9
parent 7cd16ff869cc68009295795b47285fd88ac45df4

pdr: Always uphold expectations of get_next_record_handle()

pldm_pdr_get_next_record() uses assert() to validate its arguments.
While this is usually a concern, get_next_record_handle() is internal
and can instead be protected at the public API boundary.

Add tests for the validity of parameters to pldm_pdr_find_record() and
pldm_pdr_get_next_record(), the callers of get_next_record_handle().
Both functions return pointers, and already return NULL on error.
Correct invocation must therefore already validate the returned pointer,
thus it is valid to also return NULL in the case of invalid arguments.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I07596acc9da7427d785b8b9db11eb84219fb8a5d

src/pdr.c

diff --git a/src/pdr.c b/src/pdr.c
index 55350a8..657612d 100644
--- a/src/pdr.c
+++ b/src/pdr.c
@@ -154,10 +154,14 @@
 	assert(data != NULL);
 	assert(size != NULL);
 	assert(next_record_handle != NULL);
+	if (!repo || !data || !size || !next_record_handle) {
+		return NULL;
+	}
 
 	if (!record_handle && (repo->first != NULL)) {
 		record_handle = repo->first->record_handle;
 	}
+
 	pldm_pdr_record *record = repo->first;
 	while (record != NULL) {
 		if (record->record_handle == record_handle) {
@@ -186,6 +190,9 @@
 	assert(data != NULL);
 	assert(size != NULL);
 	assert(next_record_handle != NULL);
+	if (!repo || !curr_record || !data || !size || !next_record_handle) {
+		return NULL;
+	}
 
 	if (curr_record == repo->last) {
 		*data = NULL;