compiler: Provide LIBPLDM_CC_NONNULL{,_ARGS()}
This allows us to elide checks where they're not necessary, and warn
people at compile-time when they're doing things they shouldn't.
Note that this comes with an apparent ABI break. abi-compliance-checker
reports:
```
platform.h, libpldm.so.0.8.0
[−] decode_sensor_op_data ( uint8_t const* sensor_data, size_t sensor_data_length, uint8_t* present_op_state, uint8_t* previous_op_state )
Change: The parameter previous_op_state became passed in r8 register instead of rcx.
Effect Applications will read the wrong memory block instead of the parameter value.
```
It's unclear to me why. The signature hasn't changed, but how the
implementation tests the parameter values has.
Change-Id: Ie8d8bc1641280522532d9b4764bf07c64b1921c8
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/dsp/platform.c b/src/dsp/platform.c
index e355792..d7fc137 100644
--- a/src/dsp/platform.c
+++ b/src/dsp/platform.c
@@ -1056,7 +1056,9 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
- if (msg == NULL) {
+ if (msg == NULL || format_version == NULL ||
+ transfer_operation_flag == NULL || data_transfer_handle == NULL ||
+ event_id_to_acknowledge == NULL) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -1456,6 +1458,12 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
+ if (event_data == NULL || sensor_id == NULL ||
+ sensor_event_class_type == NULL ||
+ event_class_data_offset == NULL) {
+ return PLDM_ERROR_INVALID_DATA;
+ }
+
rc = pldm_msgbuf_init_cc(buf, PLDM_SENSOR_EVENT_DATA_MIN_LENGTH,
event_data, event_data_length);
if (rc) {
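Review bot: The new guard carries no comment saying why `event_data` is now rejected here, although it is handed straight to `pldm_msgbuf_init_cc()` right after the check. If that helper is one of those this commit annotates with LIBPLDM_CC_NONNULL (the header change is not in this diff, so this is inferred from the title), it no longer needs to reject NULL itself. The compile-time warning only fires for arguments the compiler can prove are NULL, so this runtime check is what protects callers that pass pointers derived from parsed data. I would record that above the `if`, e.g. `/* msgbuf helpers assume non-NULL pointers; validate caller arguments before init */`; the same comment fits the hunk at 2564, where `pdr_data` goes to `pldm_msgbuf_init_cc()` right after the new check. The enclosing function starts and ends outside this hunk.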
@@ -1506,7 +1514,8 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
- if (present_op_state == NULL || previous_op_state == NULL) {
+ if (sensor_data == NULL || present_op_state == NULL ||
+ previous_op_state == NULL) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -1533,8 +1542,8 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
- if (sensor_offset == NULL || event_state == NULL ||
- previous_event_state == NULL) {
+ if (sensor_data == NULL || sensor_offset == NULL ||
+ event_state == NULL || previous_event_state == NULL) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -1563,8 +1572,9 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
- if (sensor_data_size == NULL || event_state == NULL ||
- previous_event_state == NULL || present_reading == NULL) {
+ if (sensor_data == NULL || sensor_data_size == NULL ||
+ event_state == NULL || previous_event_state == NULL ||
+ present_reading == NULL) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -2011,7 +2021,8 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
- if (event_data_format == NULL || number_of_change_records == NULL ||
+ if (event_data == NULL || event_data_format == NULL ||
+ number_of_change_records == NULL ||
change_record_data_offset == NULL) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -2040,7 +2051,7 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
- if (!poll_event) {
+ if (!event_data || !poll_event) {
return -EINVAL;
}
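Review bot: The guard is written `!event_data || !poll_event`, while the check this commit adds in the next hunk (at 2074) spells the same test `poll_event == NULL || event_data == NULL`, and the hunks at 2564 and 2829 use `!` again. Most guards visible in this diff compare against NULL explicitly, so I would keep one form here: `if (event_data == NULL || poll_event == NULL) {`. The function body continues outside the hunk.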
@@ -2074,6 +2085,10 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
+ if (poll_event == NULL || event_data == NULL) {
+ return -EINVAL;
+ }
+
if (poll_event->event_id == 0x0000 || poll_event->event_id == 0xffff) {
return -EPROTO;
}
@@ -2100,7 +2115,8 @@
struct pldm_msgbuf *buf = &_buf;
int rc;
- if (event_data_operation == NULL || number_of_change_entries == NULL ||
+ if (change_record_data == NULL || event_data_operation == NULL ||
+ number_of_change_entries == NULL ||
change_entry_data_offset == NULL) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -2564,6 +2580,10 @@
struct pldm_value_pdr_hdr hdr;
int rc;
+ if (!pdr_data || !pdr_value) {
+ return PLDM_ERROR_INVALID_DATA;
+ }
+
rc = pldm_msgbuf_init_cc(buf, PLDM_PDR_NUMERIC_EFFECTER_PDR_MIN_LENGTH,
pdr_data, pdr_data_length);
if (rc) {
@@ -2829,6 +2849,10 @@
int rc;
int i;
+ if (!data || !pdr) {
+ return -EINVAL;
+ }
+
/*
* Alignment of auxiliary_name_data is an invariant as we statically assert
* its behaviour in the header.
@@ -2873,6 +2897,7 @@
if (rc < 0) {
return rc;
}
+ assert(names);
pdr->auxiliary_name_data_size = pdr_length - sizeof(*pdr);