dsp: firmware_update: Iterators for downstream device descriptors

Provide an ergonomic and safe means to iterate through downstream
devices and their descriptors while avoiding the need to allocate.

dsp: firmware_update: Iterators for downstream device descriptors

Provide an ergonomic and safe means to iterate through downstream
devices and their descriptors while avoiding the need to allocate. The
strategy leaves the library user to make their own choices about how the
data is handled.

The user-facing portion of the change takes the form of two new macros,
to be nested inside one another:

```
foreach_pldm_downstream_device(...) {
foreach_pldm_downstream_device_descriptor(...) {
// Do something with the device-specific descriptor
}
}
```

Examples uses are provided in the documentation and in changes to the
test suite.

Change-Id: I6e79454b94868da73f318635bcaae57cd51fbf97
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Fix extra parentheses

No functionality change, avoids a warning.

gitlint-ignore: UC1
Fixes: 98e137dede32 ("dsp: platform: Fix decode_set_event_receiver_req()")
Change-Id: I38eae0d5e9

dsp: platform: Fix extra parentheses

No functionality change, avoids a warning.

gitlint-ignore: UC1
Fixes: 98e137dede32 ("dsp: platform: Fix decode_set_event_receiver_req()")
Change-Id: I38eae0d5e91c79e545b5bcca3a93bd4634435b62
Signed-off-by: Matt Johnston <matt@codeconstruct.com.au>

show more ...

dsp: platform: Fix location of closing paren in overflow detection

I suspect this was the result of editor auto-parenthesis support and the
result got overlooked.

Add some tests while we're in the

dsp: platform: Fix location of closing paren in overflow detection

I suspect this was the result of editor auto-parenthesis support and the
result got overlooked.

Add some tests while we're in the area.

As seems to be the case when we expand the tests associated with
argument values, also update the ABI dump to reflect the change in
recorded register allocation.

gitlint-ignore: UC1
Fixes: #13
Fixes: ad33b99abcc4 ("dsp: platform: Bounds check encode_state_effecter_pdr()")
Reported-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Change-Id: Iab4c1c337400678ac424936151a38baf0e0d554d
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKe

dsp: platform: Fix decode_set_event_receiver_req()

Per DSP0248 V1.3.0 table13, the heartbeatTimer field shall be omitted
from the request data if eventMessageGlobalEnable is not set to
enableAsyncKeepAlive.

Rework the change in 8c43abb due to the issue found in
openbmc/pldm@35f25949fe4d ("Fix invalid read by adjusting request
size")

gitlint-ignore: B1, UC1
Fixes: 66c7723adbdc ("msgbuf: Enable pldm_msgbuf_extract() into packed members")
Fixes: 9667f5823930 ("platform: pldm_msgbuf for decode_set_event_receiver_req()")
Fixes: 6ef2aa90a793 ("platform: Test invalid heartbeat conditions after assignment")
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I7ca50e487b9f1e6c6ea2b34f73c363def8b2d295
Signed-off-by: Gilbert Chen <gilbertc@nvidia.com>

show more ...

dsp: pdr: Rework test in pldm_entity_association_pdr_extract()

Testing on IBM's simulator[1] and bisection by Manoj
found that 9e566597d91e ("dsp: pdr: Bound check
pldm_entity_association_pdr_extrac

dsp: pdr: Rework test in pldm_entity_association_pdr_extract()

Testing on IBM's simulator[1] and bisection by Manoj
found that 9e566597d91e ("dsp: pdr: Bound check
pldm_entity_association_pdr_extract()") caused their host boot process
to come unstuck[1]:

[1]: https://gerrit.openbmc.org/c/openbmc/openbmc/+/75130/comments/fc6548ce_78285814

```
26.98655|2024/10/08 10:04:51|ISTEP 6. 5 - host_set_ipl_parms
27.02035|2024/10/08 10:04:51|ISTEP 6. 6 - host_discover_targets
27.31030|Detected new part : 00030000 (Physical:/Sys0/Node0/DIMM0)
27.64652|Detected new part : 00030004 (Physical:/Sys0/Node0/DIMM2)
29.58074|Detected new part : 00050000 (Physical:/Sys0/Node0/Proc0)
43.28986|Detected new part : 00050000 (Physical:/Sys0/Node0/Proc0)
47.49649|HWAS|---------------------------------
47.49650|HWAS|PRESENT>
47.52988|TARG|PROC=80000000
47.53612|TARG|PROC[00]:
47.53616|TARG| CORE=FF000000 DIMM=8800000000000000
47.53620|TARG| CACHE=FF000000 OCMB=C000
47.53632|TARG|PROC[01]:
47.53637|TARG| CORE=00000000 DIMM=0000000000000000
47.53641|TARG| CACHE=00000000 OCMB=0000
47.3653|TARG|PROC[02]:
47.53658|TARG| CORE=00000000 DIMM=0000000000000000
47.53662|TARG| CACHE=00000000 OCMB=0000
47.53674|TARG|PROC[03]:
47.53679|TARG| CORE=00000000 DIMM=0000000000000000
47.53683|TARG| CACHE=00000000 OCMB=0000
47.53738|WAS|---------------------------------
47.56477|devtree|Syncing to BMC
57.36060|Triggering graceful reboot fr Rebooting due to a FRU hot-remove
57.85530|================================================
57.87003|Error reprted by pldm (0x4700) EID 0x90000013
57.88170| Software problem, could not find reboot count effecter PDR.
57.88174| ModuleId 0x3e MOD_RESET_REBOOT_COUNT
57.90019| ReasonCode 0x471a RC_INVALID_EFFECTER_ID
57.90028| UserData1 The total number of PDRs that PDR Manager is aware of. : 0x00000000000001ee
57.90031| UserData2 : 0x0000000000000000
57.90034|------------------------------------------------
57.90038| Callouttype : Procedure Callout
57.90041| Procedure : EPUB_PRC_HB_CODE
57.92782| Priority : SRCI_PRIORITY_HIGH
57.92785|-----------------------------------------------
57.92788| Callout type : Procedure Callout
57.92791| Procedure : EPUB_PRC_SP_COE
57.92794| Priority : SRCI_PRIORITY_HIGH
57.92798|-----------------------------------------------
57.92801| Callout type : Procedure Callout
57.92804| Procedure : EPUB_PRC_HB_CODE
57.92808| Priority : SRCI_PRIORITY_MED
57.92811|------------------------------------------------
57.92816| Hostboot Build ID: hostboot-p11-e7437ab-sha1:997c6a7f/hbicore.bin
57.92819|================================================
59.00252|Soft poweroff requested by the BMC
```

This seems to be the result of the following from the BMC's side:

```
Oct 08 10:04:30 p10bmc pldmd[642]: Instance ID expiry for EID '9' using InstanceID '1'
Oct 08 10:04:30 p10bmc pldmd[642]: Failed to receive response for setEventReceiver command
Oct 08 10:04:32 p10bmc pldmd[642]: sdeventplus: ioCallback: Instance ID 1 for TID 9 was not previously allocated
Oct 08 10:04:32 p10bmc pldmd[642]: sdeventplus: ioCallback: Instance ID 1 for TID 9 was not previously allocated
Oct 08 10:04:32 p10bmc pldmd[642]: sdeventplus: ioCallback: Instance ID 1 for TID 9 was not previously allocated
Oct 08 10:04:32 p10bmc bmcwebd[282]: PAM unable to resolve symbol: pam_sm_acct_mgmt
Oct 08 10:04:33 p10bmc bmcwebd[282]: pam_succeed_if(webserver:auth): requirement "user ingroup redfish" was met by user "root"
Oct 08 10:04:35 p10bmc bmcwebd[282]: PAM unable to resolve symbol: pam_sm_acct_mgmt
Oct 08 10:04:35 p10bmc pldmd[642]: Checking if directory '/usr/share/pldm/pdr' exists
Oct 08 10:04:35 p10bmc pldmd[642]: Checking if directory '/usr/share/pldm/pdr/com.ibm.Hardware.Chassis.Model.Rainier4U' exists
Oct 08 10:04:35 p10bmc pldmd[642]: Failed to create sensor PDR, D-Bus object '/org/freedesktop/UPower/devices/ups_hiddev0' returned error - sd_bus_call: xyz.openbmc_project.Common.Error.ResourceNotFound: The resource is not found.
Oct 08 10:04:35 p10bmc bmcwebd[282]: pam_succeed_if(webserver:auth): requirement "user ingroup redfish" was met by user "root"
Oct 08 10:04:36 p10bmc pldmd[642]: Failed to create sensor PDR, D-Bus object '/xyz/openbmc_project/led/physical/virtual_enc_id' returned error - sd_bus_call: xyz.openbmc_project.Common.Error.ResourceNotFound: The resource is not found.
Oct 08 10:04:36 p10bmc pldmd[642]: Failed to create sensor PDR, D-Bus object '/xyz/openbmc_project/led/physical/virtual_enc_fault' returned error - sd_bus_call: xyz.openbmc_project.Common.Error.ResourceNotFound: The resource is not found.
```

Ultimately the check was trying to satisfy the following from GCC's
analyzer:

```
| 1345 | size_t l_num_entities = entity_association_pdr->num_children + 1;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (16) ...to here
| 1346 | if (l_num_entities < 2) {
| | ~
| | |
| | (17) following ‘false’ branch (when ‘l_num_entities > 1’)...
|......
| 1354 | pldm_entity *l_entities = calloc(l_num_entities, sizeof(pldm_entity));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (18) ...to here
| | (19) use of attacker-controlled value ‘(size_t)((int)*((char *)&*pdr + 10).num_children + 1) * 6’ as size without upper-bounds checking
|
```

However, rather than the relationship to pdr_len, the issue was the
confusion from the promotion from uint8_t to size_t. Teach the analyzer
about the UINT8_MAX limit explicitly.

gitlint-ignore: UC1, B1
Fixes: 9e566597d91e ("dsp: pdr: Bound check pldm_entity_association_pdr_extract()")
Change-Id: I0c71ba3b80da2946658a4e6a3add4636752b4e74
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

Apply GCC's tainted_args attribute to library entrypoints

The implementation applies `__attribute__((tainted_args))` by
integrating it into the existing ABI macro annotations.

In the process, quite

Apply GCC's tainted_args attribute to library entrypoints

The implementation applies `__attribute__((tainted_args))` by
integrating it into the existing ABI macro annotations.

In the process, quite a number of APIs were discovered to be unsafe in
ways that were not immediately fixable. Often this is because they lack
arguments that enable the appropriate bounds-checking to be applied.

Redesigning them is work beyond the scope of the immediate
effort. Instead, we also introduce a new annotation,
LIBPLDM_ABI_DEPRECATED_UNSAFE, that simply lacks
`__attribute__((tainted_args))` and therefore doesn't trigger the extra
analysis.

Change-Id: Ib8994eaa3907a5432d040426ad03687cbf4c2136
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

utils: Avoid array-lookup in is_time_legal()

```
../src/utils.c: In function ‘is_time_legal’:
../src/utils.c:213:22: error: use of attacker-controlled value ‘month’ in array lookup without checking

utils: Avoid array-lookup in is_time_legal()

```
../src/utils.c: In function ‘is_time_legal’:
../src/utils.c:213:22: error: use of attacker-controlled value ‘month’ in array lookup without checking for negative [CWE-129] [-Werror=analyzer-tainted-array-index]
213 | unsigned int rday = days[month];
| ^~~~
```

This isn't really the case, but GCC's analyzer currently thinks so, so
clean it up with a switch statement.

Change-Id: I60e0a6cb3ad275455fdc27de8042afe34c09ba60
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Bounds check pldm_bios_table_string_entry_encode()

```
../src/dsp/bios_table.c:82:9: error: use of attacker-controlled value ‘str_length’ as size without upper-bounds checking [CWE-

dsp: bios_table: Bounds check pldm_bios_table_string_entry_encode()

```
../src/dsp/bios_table.c:82:9: error: use of attacker-controlled value ‘str_length’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
82 | memcpy(string_entry->name, str, str_length);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I1aaa18b358c3e6c958b2d9643487016f2a9f5116
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios: Bounds check encode_set_bios_attribute_current_value_req()

```
../src/dsp/bios.c: In function ‘encode_set_bios_attribute_current_value_req’:
../src/dsp/bios.c:496:9: error: use of attacke

dsp: bios: Bounds check encode_set_bios_attribute_current_value_req()

```
../src/dsp/bios.c: In function ‘encode_set_bios_attribute_current_value_req’:
../src/dsp/bios.c:496:9: error: use of attacker-controlled value ‘attribute_length’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
496 | memcpy(request->attribute_data, attribute_data, attribute_length);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I65fb55204298e5ba16c037fe289a7d94a04e8599
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios: Bounds check encode_set_bios_table_req()

```
../src/dsp/bios.c:614:9: error: use of attacker-controlled value ‘table_length’ as size without upper-bounds checking [CWE-129] [-Werror=analy

dsp: bios: Bounds check encode_set_bios_table_req()

```
../src/dsp/bios.c:614:9: error: use of attacker-controlled value ‘table_length’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
614 | memcpy(request->table_data, table_data, table_length);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I2a9679f9ab9f743a2521ff2d20e42b8d07c706df
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: fru: Bounds check encode_fru_record()

```
../src/dsp/fru.c:200:17: error: use of attacker-controlled value ‘tlvs_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-

dsp: fru: Bounds check encode_fru_record()

```
../src/dsp/fru.c:200:17: error: use of attacker-controlled value ‘tlvs_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
200 | memcpy(fru_table + *curr_size, tlvs, tlvs_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ibc2831c5fd9665bb2645d49c856fc1a77c6e1feb
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: fru: Bounds check encode_get_fru_record_by_option_resp()

```
../src/dsp/fru.c: In function ‘encode_get_fru_record_by_option_resp’:
../src/dsp/fru.c:388:17: error: use of attacker-controlled val

dsp: fru: Bounds check encode_get_fru_record_by_option_resp()

```
../src/dsp/fru.c: In function ‘encode_get_fru_record_by_option_resp’:
../src/dsp/fru.c:388:17: error: use of attacker-controlled value ‘data_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
388 | memcpy(resp->fru_structure_data, fru_structure_data, data_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I01b43823e3a24c7e7ed229d09643b15fcff4d43b
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()

```
../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’:
../src/oem/ibm/platform.c:49:9: error:

oem: ibm: platform: Bounds check encode_bios_attribute_update_event_req()

```
../src/oem/ibm/platform.c: In function ‘encode_bios_attribute_update_event_req’:
../src/oem/ibm/platform.c:49:9: error: use of attacker-controlled value ‘(long unsigned int)num_handles * 2’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
49 | memcpy(request->bios_attribute_handles, list_of_handles,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
50 | num_handles * sizeof(uint16_t));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ie329d651207936b4a4762efa7631c9ecb525cf74
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: firmware_update: Bounds check decode_downstream_device_parameter_table_entry_versions()

```
../src/dsp/firmware_update.c: In function ‘decode_downstream_device_parameter_table_entry_versions’:

dsp: firmware_update: Bounds check decode_downstream_device_parameter_table_entry_versions()

```
../src/dsp/firmware_update.c: In function ‘decode_downstream_device_parameter_table_entry_versions’:
../src/dsp/firmware_update.c:1248:48: error: use of attacker-controlled value ‘*entry.active_comp_ver_str_len’ as offset without upper-bounds checking [CWE-823] [-Werror=analyzer-tainted-offset]
1248 | active[entry->active_comp_ver_str_len] = '\0';
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
```

gitlint-ignore: T1, B1, UC1
Fixes: b6ef35b48065 ("fw_update: Add encode req & decode resp for get_downstream_fw_params")
Change-Id: I15571804f391dc97de6d80c90325ded006aee500
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_enum()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_enum’:
../src/dsp/bios_table.c:711:17:

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_enum()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_enum’:
../src/dsp/bios_table.c:711:17: error: use of attacker-controlled value ‘count’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
711 | memcpy(&table_entry->value[1], handles, count);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Change-Id: Ie8073f6d19ad3c249160c675f36d73dc83afb198
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_string()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_string’:
../src/dsp/bios_table.c:773:

dsp: bios_table: Bounds check pldm_bios_table_attr_value_entry_encode_string()

```
../src/dsp/bios_table.c: In function ‘pldm_bios_table_attr_value_entry_encode_string’:
../src/dsp/bios_table.c:773:17: error: use of attacker-controlled value ‘str_length’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
773 | memcpy(table_entry->value + sizeof(str_length), str,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
774 | str_length);
| ~~~~~~~~~~~
```

gitlint-ignore: T1, B1
Change-Id: I836566b6148443d4653b44adb25cc1c277f9028e
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Bounds check pldm_bios_table_append_pad_checksum()

```
../src/dsp/bios_table.c: In function ‘checksum_append’:
../src/dsp/bios_table.c:905:9: error: use of attacker-controlled value

dsp: bios_table: Bounds check pldm_bios_table_append_pad_checksum()

```
../src/dsp/bios_table.c: In function ‘checksum_append’:
../src/dsp/bios_table.c:905:9: error: use of attacker-controlled value ‘*size’ as offset without upper-bounds checking [CWE-823] [-Werror=analyzer-tainted-offset]
905 | memcpy(table_end, &checksum, sizeof(checksum));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I786f628cad0b0625feda2c8f486d2fbcd603104c
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Tidy up pldm_bios_table_pad_checksum_size()

There was no need for the intermediate variable, and the comment isn't
informative enough for it to remain.

Change-Id: I82881bb49703e08c

dsp: bios_table: Tidy up pldm_bios_table_pad_checksum_size()

There was no need for the intermediate variable, and the comment isn't
informative enough for it to remain.

Change-Id: I82881bb49703e08c4797cbc6e70aaeb889603ca3
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: bios_table: Branchless implementation of pad_size_get()

This is a minor logic cleanup. The equivalence can be tested as follows:

```python
>>> def pad0(x): return (4 - x % 4) if (x % 4) != 0 e

dsp: bios_table: Branchless implementation of pad_size_get()

This is a minor logic cleanup. The equivalence can be tested as follows:

```python
>>> def pad0(x): return (4 - x % 4) if (x % 4) != 0 else 0
...
>>> def pad1(x): return (4 - (x % 4)) % 4
...
>>> for i in range(0, 5):
... print("{}: {} == {} ? {}".format(i, pad0(i), pad1(i), pad0(i) == pad1(i)))
...
0: 0 == 0 ? True
1: 3 == 3 ? True
2: 2 == 2 ? True
3: 1 == 1 ? True
4: 0 == 0 ? True
```

Change-Id: Ieee40178a93bcfd2a47fd7c1a6f47f8e0884700e
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: pdr: Bound check pldm_entity_association_pdr_extract()

```
../src/dsp/pdr.c: In function ‘pldm_entity_association_pdr_extract’:
../src/dsp/pdr.c:1333:35: error: use of attacker-controlled value

dsp: pdr: Bound check pldm_entity_association_pdr_extract()

```
../src/dsp/pdr.c: In function ‘pldm_entity_association_pdr_extract’:
../src/dsp/pdr.c:1333:35: error: use of attacker-controlled value ‘(size_t)((int)*((char *)&*pdr + 10).num_children + 1) * 6’ as allocation size without upper-bounds checking [CWE-789] [-Werror=analyzer-tainted-allocation-size]
1333 | pldm_entity *l_entities = malloc(sizeof(pldm_entity) * l_num_entities);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I96582ae2b19d22413919ae0a6a9b94e2d3d40f39
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Bounds check encode_state_effecter_pdr()

```
../src/dsp/platform.c:84:9: error: use of attacker-controlled value ‘possible_states_size’ as size without upper-bounds checking [CWE-129]

dsp: platform: Bounds check encode_state_effecter_pdr()

```
../src/dsp/platform.c:84:9: error: use of attacker-controlled value ‘possible_states_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
84 | memcpy(effecter->possible_states, possible_states,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
85 | possible_states_size);
| ~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I7a53144c4c02639a0f7b7291277d8903d8f2717e
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Bounds check encode_sensor_state_pdr()

```
../src/dsp/platform.c: In function ‘encode_state_sensor_pdr’:
../src/dsp/platform.c:152:9: error: use of attacker-controlled value ‘possible

dsp: platform: Bounds check encode_sensor_state_pdr()

```
../src/dsp/platform.c: In function ‘encode_state_sensor_pdr’:
../src/dsp/platform.c:152:9: error: use of attacker-controlled value ‘possible_states_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
152 | memcpy(sensor->possible_states, possible_states, possible_states_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I682beae26d346e474825a393da7b5248d3166fbf
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Prevent overflow of arithmetic on event_data_length

Resolves the following warning from GCC's static analyzer:

```
../src/dsp/platform.c: In function ‘encode_platform_event_message_r

dsp: platform: Prevent overflow of arithmetic on event_data_length

Resolves the following warning from GCC's static analyzer:

```
../src/dsp/platform.c: In function ‘encode_platform_event_message_req’:
../src/dsp/platform.c:1246:9: error: use of attacker-controlled value ‘event_data_length’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
1246 | memcpy(request->event_data, event_data, event_data_length);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Id889a5b56d8403dea41f6acd43f21b44bf8d503d
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

dsp: platform: Merge PDR header extraction and validation

These two functions were tightly coupled, in the sense that in all
invocations of either were proximal to the other.

Merge them to avoid th

dsp: platform: Merge PDR header extraction and validation

These two functions were tightly coupled, in the sense that in all
invocations of either were proximal to the other.

Merge them to avoid the spatial separation and improve both our own and
the compiler's ability to reason about the relationships.

Change-Id: I098afac06fea56a26762879a620e74539f6e6d52
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...

msgbuf: Bounds checks that satisfy GCC's analyzer

The intent is that there is no change in behavior, but that the code
patterns better match the analyzer's expectations.

Change-Id: I58544aaf6b15209

msgbuf: Bounds checks that satisfy GCC's analyzer

The intent is that there is no change in behavior, but that the code
patterns better match the analyzer's expectations.

Change-Id: I58544aaf6b15209e754059bf72a55dc9d63c9d61
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

show more ...