From 536f55e4baaf632f9970f137956f3669280c9e51 Mon Sep 17 00:00:00 2001
From: Marek Puzyniak <marek.puzyniak@iopsys.eu>
Date: Wed, 16 Aug 2023 11:29:34 +0200
Subject: [PATCH] use TLV_MAXNUM instead of constant

Signed-off-by: Marek Puzyniak <marek.puzyniak@iopsys.eu>
---
 src/cmdu_input.c               | 26 +++++++++++++-------------
 src/i1905.h                    |  2 +-
 src/policy.c                   |  2 +-
 src/tests/fuzz/recv/rxcmdu.c   |  4 ++--
 src/tests/fuzz/send/sendcmdu.c |  6 +++---
 5 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/src/cmdu_input.c b/src/cmdu_input.c
index fd993c5f..7583d732 100644
--- a/src/cmdu_input.c
+++ b/src/cmdu_input.c
@@ -59,7 +59,7 @@ int i1905_handle_topology_discovery(const char *ifname, uint8_t *from,
 				    struct cmdu_buff *rxf, void *priv,
 				    void *cookie)
 {
-	struct tlv *tv[2][16];
+	struct tlv *tv[2][TLV_MAXNUM] = {0};
 	uint8_t aladdr_origin[6] = {0};
 	uint8_t macaddr_origin[6] = {0};
 	struct i1905_interface *iface;
@@ -140,7 +140,7 @@ int i1905_handle_topology_notification(const char *ifname, uint8_t *from,
 				       struct cmdu_buff *rxf, void *priv,
 				       void *cookie)
 {
-	struct tlv *tv[1][16];
+	struct tlv *tv[1][TLV_MAXNUM] = {0};
 	uint8_t aladdr_origin[6] = {0};
 	struct i1905_interface *iface;
 	int ret;
@@ -221,7 +221,7 @@ int i1905_handle_topology_response(const char *ifname, uint8_t *from,
 				   struct cmdu_buff *rxf, void *priv,
 				   void *cookie)
 {
-	struct tlv *tv[6][TLV_MAXNUM];
+	struct tlv *tv[6][TLV_MAXNUM] = {0};
 	struct tlv_device_info *devinfo;
 	uint8_t aladdr_origin[6] = {0};
 	struct i1905_interface *iface;
@@ -293,7 +293,7 @@ int i1905_handle_topology_response(const char *ifname, uint8_t *from,
 	if (tv[1][0]) {
 		int num = 0;
 
-		while (tv[1][num]) {
+		while (num < TLV_MAXNUM && tv[1][num]) {
 			ret = i1905_dm_neighbor_update(iface, aladdr_origin, tv[1][num]);
 			if (ret)
 				break;
@@ -348,7 +348,7 @@ int i1905_handle_link_metric_query(const char *ifname, uint8_t *from,
 {
 	struct tlv_linkmetric_query *lq;
 	struct i1905_interface *iface;
-	struct tlv *tv[1][TLV_MAXNUM];
+	struct tlv *tv[1][TLV_MAXNUM] = {0};
 	uint8_t nbr[6] = {0};
 	int ret;
 
@@ -397,7 +397,7 @@ int i1905_handle_link_metric_response(const char *ifname, uint8_t *from,
 				      void *cookie)
 {
 	struct i1905_interface *iface;
-	struct tlv *tv[2][16];
+	struct tlv *tv[2][TLV_MAXNUM] = {0};
 	int num = 0;
 	int ret;
 
@@ -462,7 +462,7 @@ int i1905_handle_ap_autoconfig_search(const char *ifname, uint8_t *from,
 	struct i1905_interface *iface;
 	struct tlv_autoconfig_band *freq;
 	uint8_t aladdr_origin[6] = {0};
-	struct tlv *tv[3][TLV_MAXNUM];
+	struct tlv *tv[3][TLV_MAXNUM] = {0};
 	int ret = 0;
 
 
@@ -556,7 +556,7 @@ int i1905_handle_ap_autoconfig_response(const char *ifname, uint8_t *from,
 	struct i1905_interface *iface;
 	struct i1905_selfdevice *self;
 	struct i1905_interface *ifs;
-	struct tlv *tv[2][TLV_MAXNUM];
+	struct tlv *tv[2][TLV_MAXNUM] = {0};
 	int ret;
 
 
@@ -665,7 +665,7 @@ int i1905_handle_ap_autoconfig_renew(const char *ifname, uint8_t *from,
 	struct i1905_interface *iface;
 	struct i1905_selfdevice *self;
 	struct i1905_interface *ifs;
-	struct tlv *tv[3][TLV_MAXNUM];
+	struct tlv *tv[3][TLV_MAXNUM] = {0};
 	int ret;
 
 
@@ -844,7 +844,7 @@ int i1905_handle_ap_autoconfig_wsc(const char *ifname, uint8_t *from,
 {
 	struct i1905_private *p = (struct i1905_private *)priv;
 	struct i1905_interface *iface;
-	struct tlv *tv[1][TLV_MAXNUM];
+	struct tlv *tv[1][TLV_MAXNUM] = {0};
 	void *m1_cookie = NULL;
 	uint8_t wsc_msgtype;
 	uint16_t msglen;
@@ -917,7 +917,7 @@ int i1905_handle_pbc_notification(const char *ifname, uint8_t *from,
 	struct tlv_pbc_notification *pbc;
 	uint8_t aladdr_origin[6] = {0};
 	struct i1905_selfdevice *self;
-	struct tlv *tv[2][TLV_MAXNUM];
+	struct tlv *tv[2][TLV_MAXNUM] = {0};
 	bool has_wifi_info = false;
 	int ret;
 	int i;
@@ -997,7 +997,7 @@ int i1905_handle_pbc_join_notification(const char *ifname, uint8_t *from,
 				       struct cmdu_buff *rxf, void *priv,
 				       void *cookie)
 {
-	struct tlv *tv[2][TLV_MAXNUM];
+	struct tlv *tv[2][TLV_MAXNUM] = {0};
 	uint8_t aladdr_origin[6] = {0};
 	struct tlv_pbc_join_notification *join;
 	int ret;
@@ -1055,7 +1055,7 @@ int i1905_handle_higherlayer_response(const char *ifname, uint8_t *from,
 				      struct cmdu_buff *rxf, void *priv,
 				      void *cookie)
 {
-	struct tlv *tv[6][16];
+	struct tlv *tv[6][TLV_MAXNUM] = {0};
 	uint8_t aladdr_origin[6] = {0};
 	struct tlv_1905_profile *profile;
 	struct i1905_interface *iface;
diff --git a/src/i1905.h b/src/i1905.h
index 9e7dc8e2..0013baf6 100644
--- a/src/i1905.h
+++ b/src/i1905.h
@@ -405,7 +405,7 @@ int i1905_dm_neighbor_update_non1905_neighbors(struct i1905_interface *iface,
 
 int if_getmediatype(const char *ifname, enum if_mediatype *mtype);
 
-int i1905_cmdu_parse_tlvs(struct cmdu_buff *cmdu, struct tlv *tv[][16], int num_tv);
+int i1905_cmdu_parse_tlvs(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM], int num_tv);
 
 
 int i1905_dump_info(struct i1905_private *priv, void *out);
diff --git a/src/policy.c b/src/policy.c
index eb5c9a06..7c23bfe7 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -259,7 +259,7 @@ static struct cmdu_tlv_policy i1905_policy[] = {
 	P(CMDU_TYPE_GENERIC_PHY_RESPONSE),	/* 0x0012 */
 };
 
-int i1905_cmdu_parse_tlvs(struct cmdu_buff *cmdu, struct tlv *tv[][16], int num_tv)
+int i1905_cmdu_parse_tlvs(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM], int num_tv)
 {
 	uint16_t type;
 
diff --git a/src/tests/fuzz/recv/rxcmdu.c b/src/tests/fuzz/recv/rxcmdu.c
index bd56a645..14cc32fb 100644
--- a/src/tests/fuzz/recv/rxcmdu.c
+++ b/src/tests/fuzz/recv/rxcmdu.c
@@ -335,7 +335,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	//uint16_t cmdutype = size ? data[0] % 0x0e : 3; /* defaults to CMDU_TYPE_TOPOLOGY_RESPONSE */
 	static uint16_t cmdutype = 0x3;
 	struct ubus_context *ctx = NULL;
-	struct tlv *tv[12][TLV_MAXNUM];
+	struct tlv *tv[12][TLV_MAXNUM] = {0};
 	char fuzz_cmdutype[8] = {0};
 	struct tlv_policy *pol;
 	uint32_t i1905 = 0;
@@ -537,7 +537,7 @@ size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize,
 	uint16_t cmdutype;
 	int num_pol;
 	struct tlv_policy *pol;
-	struct tlv *tv[12][16];
+	struct tlv *tv[12][TLV_MAXNUM] = {0};
 
 
 	srandom(seed);
diff --git a/src/tests/fuzz/send/sendcmdu.c b/src/tests/fuzz/send/sendcmdu.c
index a0f178db..5ccc2932 100644
--- a/src/tests/fuzz/send/sendcmdu.c
+++ b/src/tests/fuzz/send/sendcmdu.c
@@ -225,7 +225,7 @@ int cmdu_parse_tlvs_raw(const uint8_t *data, size_t datalen, struct tlv *tv[][TL
 		return -1;
 
 	for (i = 0; i < policy_len; i++) {
-		memset(tv[i], 0, 16 * sizeof(struct tlv *));
+		memset(tv[i], 0, TLV_MAXNUM * sizeof(struct tlv *));
 		idx[i] = 0;
 	}
 	len = datalen;
@@ -336,7 +336,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	struct ubus_context *ctx = NULL;
 	char fuzz_cmdutype[8] = {0};
 	//uint16_t cmdutype = size ? data[0] % 0x0e : 3;
-	struct tlv *tv[12][TLV_MAXNUM];
+	struct tlv *tv[12][TLV_MAXNUM] = {0};
 	uint16_t cmdutype = 0x0e;
 	struct tlv_policy *pol;
 	uint32_t i1905 = 0;
@@ -541,7 +541,7 @@ size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
 size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize,
 			       unsigned int seed)
 {
-	struct tlv *tv[12][TLV_MAXNUM];
+	struct tlv *tv[12][TLV_MAXNUM] = {0};
 	struct tlv_policy *pol;
 	uint16_t cmdutype;
 	size_t newsize;
-- 
GitLab