Home Explore Help
Sign In
DragonOS-Community
/
acpi-rs
mirror of https://github.com/DragonOS-Community/acpi-rs
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix first fuzzing bug! Don't allow NullName as a full NameString

The spec isn't clear about this, but in the library we assume that an
`AmlName` is not empty. However, if a NullName appears as the only
element of a NamePath, we can accidently create an empty AmlName when we
parse a NameString. This has never come up in real tables, but was detected
during fuzzing as breaking a whole bunch of stuff in the namespace searching
(due to the assumptions about AmlName being broken).
Isaac Woods 4 years ago
parent
a93cfa2453
commit
56472490c9
1 changed files with 9 additions and 3 deletions
Split View Show Diff Stats
  1. 9 3
      aml/src/name_object.rs

+ 9 - 3
aml/src/name_object.rs
View File 

@@ -99,7 +99,15 @@ where
 
         match first_char {
 
             ROOT_CHAR => root_name_string.parse(input, context),
 
             PREFIX_CHAR => prefix_path.parse(input, context),
 
-            _ => name_path().map(|path| Ok(AmlName(path))).parse(input, context),
 
+            _ => name_path()
 
+                .map(|path| {
 
+                    if path.len() == 0 {
 
+                        return Err(AmlError::EmptyNamesAreInvalid);
 
+                    }
 
+
 
+                    Ok(AmlName(path))
 
+                })
 
+                .parse(input, context),
 
         }
 
     })
 
 }
 
@@ -125,8 +133,6 @@ where
 
 {
 
     /*
 
      * NullName := 0x00
 
-     *
 
-     * This doesn't actually allocate because the `Vec`'s capacity is zero.
 
      */
 
     opcode(NULL_NAME).map(|_| Ok(Vec::with_capacity(0)))
 
 }