Add safety assertions when inserting into array

Make sure we didn't mess up the array size. Abort instead of
corrupting memory.

Found the array insert operations via:

    git grep '++]'

Signed-off-by: Simon Ser <contact@emersion.fr>
Simon Ser 2022-09-06 11:19:48 +02:00
parent fbec9839fa
commit 6f7dc0bcf7
2 changed files with 10 additions and 1 deletions

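--- a/cta.c
+++ b/cta.c
@@ -78,6 +78,7 @@ parse_video_block(struct di_edid_cta *cta, struct di_cta_video_block *video,
 if (!svd_ptr)
 return false;
 *svd_ptr = svd;
+assert(video->svds_len < EDID_CTA_MAX_VIDEO_BLOCK_ENTRIES);
 video->svds[video->svds_len++] = svd_ptr;
 }
@@ -355,6 +356,7 @@ parse_data_block(struct di_edid_cta *cta, uint8_t raw_tag, const uint8_t *data,
 }
 data_block->tag = tag;
+assert(cta->data_blocks_len < EDID_CTA_MAX_DATA_BLOCKS);
 cta->data_blocks[cta->data_blocks_len++] = data_block;
 return true;
@@ -438,6 +440,7 @@ _di_edid_cta_parse(struct di_edid_cta *cta, const uint8_t *data, size_t size,
 _di_edid_cta_finish(cta);
 return false;
 }
+assert(cta->detailed_timing_defs_len < EDID_CTA_MAX_DETAILED_TIMING_DEFS);
 cta->detailed_timing_defs[cta->detailed_timing_defs_len++] = detailed_timing_def;
 }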
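Review bot: The three new `assert()` calls in cta.c, and the seven in edid.c, compile to nothing when NDEBUG is defined, so in a build that defines it the bounds check disappears and each `[len++] =` write is again unguarded; the commit message's "abort instead of corrupting memory" only holds for builds that keep asserts enabled. Whether each `*_len` counter is bounded by the parser's own constants or by a count taken from the EDID bytes is not visible in these hunks; if any of them is input-driven, the check should survive NDEBUG, e.g. `if (cta->data_blocks_len >= EDID_CTA_MAX_DATA_BLOCKS) abort();` or a project assert macro that is never compiled out. A one-line comment at each assert stating the invariant it relies on (what bounds the counter) would make the intent explicit either way. The enclosing functions parse_video_block, parse_data_block and _di_edid_cta_parse all start and end outside these hunks.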

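--- a/edid.c
+++ b/edid.c
@@ -725,9 +725,11 @@ parse_standard_timings_descriptor(struct di_edid *edid,
 timing_data = &data[5 + i * EDID_STANDARD_TIMING_SIZE];
 if (!parse_standard_timing(edid, timing_data, &t))
 return false;
-if (t)
+if (t) {
+assert(desc->standard_timings_len < EDID_MAX_STANDARD_TIMING_COUNT);
 desc->standard_timings[desc->standard_timings_len++] = t;
 }
+}
 if (data[17] != 0x0A)
 add_failure_until(edid, 4,
@@ -757,6 +759,7 @@ parse_byte_descriptor(struct di_edid *edid,
 return false;
 }
+assert(edid->detailed_timing_defs_len < EDID_BYTE_DESCRIPTOR_COUNT);
 edid->detailed_timing_defs[edid->detailed_timing_defs_len++] = detailed_timing_def;
 return true;
 }
@@ -815,6 +818,7 @@ parse_byte_descriptor(struct di_edid *edid,
 }
 desc->tag = tag;
+assert(edid->display_descriptors_len < EDID_BYTE_DESCRIPTOR_COUNT);
 edid->display_descriptors[edid->display_descriptors_len++] = desc;
 return true;
 }
@@ -884,6 +888,7 @@ parse_ext(struct di_edid *edid, const uint8_t data[static EDID_BLOCK_SIZE])
 }
 ext->tag = tag;
+assert(edid->exts_len < EDID_MAX_BLOCK_COUNT - 1);
 edid->exts[edid->exts_len++] = ext;
 return true;
 }
@@ -958,6 +963,7 @@ _di_edid_parse(const void *data, size_t size, FILE *failure_msg_file)
 return NULL;
 }
 if (standard_timing) {
+assert(edid->standard_timings_len < EDID_MAX_STANDARD_TIMING_COUNT);
 edid->standard_timings[edid->standard_timings_len++] = standard_timing;
 }
 }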
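Review bot: The bound in the parse_ext hunk, `assert(edid->exts_len < EDID_MAX_BLOCK_COUNT - 1);`, is the only one in this commit with an offset and gives no hint why; presumably block 0 is the base EDID and occupies one of the EDID_MAX_BLOCK_COUNT slots, so only EDID_MAX_BLOCK_COUNT - 1 extensions can follow, but that reasoning should sit next to the check, e.g. `/* block 0 is the base EDID, so at most EDID_MAX_BLOCK_COUNT - 1 extensions */`. In parse_standard_timings_descriptor the brace added to `if (t) {` is necessary, since without it the assert would become the sole body of the if and the array write would run unconditionally. Both enclosing functions start before their hunks, and parse_standard_timings_descriptor continues past the end of its hunk.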