Miroirs/libdisplay-info
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/emersion/libdisplay-info.git synced 2024-12-25 21:59:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add safety assertions when inserting into array

Browse source 
Make sure we didn't mess up the array size. Abort instead of
corrupting memory.

Found the array insert operations via:

    git grep '++]'

Signed-off-by: Simon Ser <contact@emersion.fr>
This commit is contained in:
Simon Ser 2022-09-06 11:19:48 +02:00
parent fbec9839fa
commit 6f7dc0bcf7
2 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
cta.c
View file

@ -78,6 +78,7 @@ parse_video_block(struct di_edid_cta *cta, struct di_cta_video_block *video,
if (!svd_ptr) if (!svd_ptr)
return false; return false;
*svd_ptr = svd; *svd_ptr = svd;
assert(video->svds_len < EDID_CTA_MAX_VIDEO_BLOCK_ENTRIES);
video->svds[video->svds_len++] = svd_ptr; video->svds[video->svds_len++] = svd_ptr;
} }
@ -355,6 +356,7 @@ parse_data_block(struct di_edid_cta *cta, uint8_t raw_tag, const uint8_t *data,
} }
data_block->tag = tag; data_block->tag = tag;
assert(cta->data_blocks_len < EDID_CTA_MAX_DATA_BLOCKS);
cta->data_blocks[cta->data_blocks_len++] = data_block; cta->data_blocks[cta->data_blocks_len++] = data_block;
return true; return true;
@ -438,6 +440,7 @@ _di_edid_cta_parse(struct di_edid_cta *cta, const uint8_t *data, size_t size,
_di_edid_cta_finish(cta); _di_edid_cta_finish(cta);
return false; return false;
} }
assert(cta->detailed_timing_defs_len < EDID_CTA_MAX_DETAILED_TIMING_DEFS);
cta->detailed_timing_defs[cta->detailed_timing_defs_len++] = detailed_timing_def; cta->detailed_timing_defs[cta->detailed_timing_defs_len++] = detailed_timing_def;
} }

8
edid.c
View file

@ -725,8 +725,10 @@ parse_standard_timings_descriptor(struct di_edid *edid,
timing_data = &data[5 + i * EDID_STANDARD_TIMING_SIZE]; timing_data = &data[5 + i * EDID_STANDARD_TIMING_SIZE];
if (!parse_standard_timing(edid, timing_data, &t)) if (!parse_standard_timing(edid, timing_data, &t))
return false; return false;
if (t) if (t) {
assert(desc->standard_timings_len < EDID_MAX_STANDARD_TIMING_COUNT);
desc->standard_timings[desc->standard_timings_len++] = t; desc->standard_timings[desc->standard_timings_len++] = t;
}
} }
if (data[17] != 0x0A) if (data[17] != 0x0A)
@ -757,6 +759,7 @@ parse_byte_descriptor(struct di_edid *edid,
return false; return false;
} }
assert(edid->detailed_timing_defs_len < EDID_BYTE_DESCRIPTOR_COUNT);
edid->detailed_timing_defs[edid->detailed_timing_defs_len++] = detailed_timing_def; edid->detailed_timing_defs[edid->detailed_timing_defs_len++] = detailed_timing_def;
return true; return true;
} }
@ -815,6 +818,7 @@ parse_byte_descriptor(struct di_edid *edid,
} }
desc->tag = tag; desc->tag = tag;
assert(edid->display_descriptors_len < EDID_BYTE_DESCRIPTOR_COUNT);
edid->display_descriptors[edid->display_descriptors_len++] = desc; edid->display_descriptors[edid->display_descriptors_len++] = desc;
return true; return true;
} }
@ -884,6 +888,7 @@ parse_ext(struct di_edid *edid, const uint8_t data[static EDID_BLOCK_SIZE])
} }
ext->tag = tag; ext->tag = tag;
assert(edid->exts_len < EDID_MAX_BLOCK_COUNT - 1);
edid->exts[edid->exts_len++] = ext; edid->exts[edid->exts_len++] = ext;
return true; return true;
} }
@ -958,6 +963,7 @@ _di_edid_parse(const void *data, size_t size, FILE *failure_msg_file)
return NULL; return NULL;
} }
if (standard_timing) { if (standard_timing) {
assert(edid->standard_timings_len < EDID_MAX_STANDARD_TIMING_COUNT);
edid->standard_timings[edid->standard_timings_len++] = standard_timing; edid->standard_timings[edid->standard_timings_len++] = standard_timing;
} }
} }