Skip to content

Commit 5647249

Browse files
committed
Fix first fuzzing bug! Don't allow NullName as a full NameString
The spec isn't clear about this, but in the library we assume that an `AmlName` is not empty. However, if a NullName appears as the only element of a NamePath, we can accidently create an empty AmlName when we parse a NameString. This has never come up in real tables, but was detected during fuzzing as breaking a whole bunch of stuff in the namespace searching (due to the assumptions about AmlName being broken).
1 parent a93cfa2 commit 5647249

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

aml/src/name_object.rs

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,15 @@ where
9999
match first_char {
100100
ROOT_CHAR => root_name_string.parse(input, context),
101101
PREFIX_CHAR => prefix_path.parse(input, context),
102-
_ => name_path().map(|path| Ok(AmlName(path))).parse(input, context),
102+
_ => name_path()
103+
.map(|path| {
104+
if path.len() == 0 {
105+
return Err(AmlError::EmptyNamesAreInvalid);
106+
}
107+
108+
Ok(AmlName(path))
109+
})
110+
.parse(input, context),
103111
}
104112
})
105113
}
@@ -125,8 +133,6 @@ where
125133
{
126134
/*
127135
* NullName := 0x00
128-
*
129-
* This doesn't actually allocate because the `Vec`'s capacity is zero.
130136
*/
131137
opcode(NULL_NAME).map(|_| Ok(Vec::with_capacity(0)))
132138
}

0 commit comments

Comments
 (0)