Fix first fuzzing bug! Don't allow NullName as a full NameString
The spec isn't clear about this, but in the library we assume that an
`AmlName` is not empty. However, if a NullName appears as the only
element of a NamePath, we can accidentally create an empty AmlName when we
parse a NameString. This has never come up in real tables, but was detected
during fuzzing as breaking a whole bunch of stuff in the namespace searching
(due to the assumptions about AmlName being broken).
IsaacWoods committed Nov 12, 2020
1 parent a93cfa2 commit 5647249
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions aml/src/name_object.rs
Expand Up @@ -99,7 +99,15 @@ where
match first_char {
ROOT_CHAR => root_name_string.parse(input, context),
PREFIX_CHAR => prefix_path.parse(input, context),
_ => name_path().map(|path| Ok(AmlName(path))).parse(input, context),
_ => name_path()
.map(|path| {
if path.len() == 0 {
return Err(AmlError::EmptyNamesAreInvalid);
}

Ok(AmlName(path))
})
.parse(input, context),
}
})
}
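Review bot: the emptiness check sits only in the closure of the `_` arm, while the `ROOT_CHAR` and `PREFIX_CHAR` arms still delegate to `root_name_string` and `prefix_path` unchanged. Since the commit message says namespace searching relies on an `AmlName` never being empty, please confirm that neither of those parsers can yield a name with no components when a NullName follows the prefix, or move the check to the place where `AmlName` is constructed so the invariant is enforced once. Two smaller points: `path.len() == 0` reads better as `path.is_empty()`, and all 9 additions in this commit are in this hunk, so the fuzz finding has no regression test. A test that parses a NameString consisting only of `0x00` and expects `AmlError::EmptyNamesAreInvalid` would pin the fix.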
Expand All @@ -125,8 +133,6 @@ where
{
/*
* NullName := 0x00
*
* This doesn't actually allocate because the `Vec`'s capacity is zero.
*/
opcode(NULL_NAME).map(|_| Ok(Vec::with_capacity(0)))
}
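Review bot: with the allocation remark deleted from the comment above `opcode(NULL_NAME)`, nothing explains `Vec::with_capacity(0)` any more, so `Vec::new()` would state the intent more directly. This comment is also the natural place to document the new rule: the NullName parser still returns an empty path, and the caller is the one that rejects it when it is the whole NameString. A one-line note here would stop a future reader from assuming an empty `Vec` is always a valid result to wrap in `AmlName`.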