dsp: platform: Bounds check encode_state_effecter_pdr()
```
../src/dsp/platform.c:84:9: error: use of attacker-controlled value ‘possible_states_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
84 | memcpy(effecter->possible_states, possible_states,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
85 | possible_states_size);
| ~~~~~~~~~~~~~~~~~~~~~
```
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I7a53144c4c02639a0f7b7291277d8903d8f2717e
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/dsp/platform.c b/src/dsp/platform.c
index 5391f61..79eff6d 100644
--- a/src/dsp/platform.c
+++ b/src/dsp/platform.c
@@ -22,10 +22,25 @@
const struct state_effecter_possible_states *const possible_states,
const size_t possible_states_size, size_t *const actual_size)
{
- // Encode possible states
-
size_t calculated_possible_states_size = 0;
+ if (!effecter || !possible_states || !actual_size) {
+ return PLDM_ERROR;
+ }
+
+ if (SIZE_MAX - (sizeof(*effecter) - sizeof(effecter->possible_states) <
+ possible_states_size)) {
+ return PLDM_ERROR;
+ }
+
+ if (allocation_size <
+ (sizeof(*effecter) - sizeof(effecter->possible_states)) +
+ possible_states_size) {
+ return PLDM_ERROR_INVALID_LENGTH;
+ }
+
+ // Encode possible states
+
{
char *states_ptr = (char *)possible_states;
char *const begin_states_ptr = states_ptr;
@@ -56,11 +71,6 @@
(sizeof(struct pldm_state_effecter_pdr) + possible_states_size -
sizeof(effecter->possible_states));
- if (allocation_size < *actual_size) {
- *actual_size = 0;
- return PLDM_ERROR_INVALID_LENGTH;
- }
-
// Encode rest of PDR
effecter->hdr.version = 1;