Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61820

CMakeLists.txt

@@ -182,6 +182,13 @@ else()
   endif()
 endif()
 
+if(PCAPPP_TARGET_COMPILER_CLANG
+   OR PCAPPP_TARGET_COMPILER_GCC
+   OR PCAPPP_TARGET_COMPILER_INTEL)
+  # Disable deprecated warnings since warnings are treated as errors
+  add_definitions("-Wno-deprecated-declarations")
+endif()
+
 if(PCAPPP_USE_DPDK)
   find_package(DPDK)
   if(NOT DPDK_FOUND)
@@ -197,8 +204,6 @@ if(PCAPPP_USE_DPDK)
     add_definitions(-DUSE_DPDK_KNI)
   endif()
 
-  # Disable deprecated warnings when DPDK enabled since warnings are treated as errors
-  add_definitions("-Wno-deprecated-declarations")
   configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/setup_dpdk.py" "${CMAKE_CURRENT_BINARY_DIR}" COPYONLY)
 endif()
 
@@ -243,8 +248,8 @@ endif()
 
 if(PCAPPP_TARGET_COMPILER_MSVC)
   # Disable VS warnings: Unknown pragma (4068), Zero-sized array in struct/union (4200), Possible loss of data (4244),
-  # Possible loss of data (4267), Character may not be represented (4819)
-  add_definitions("/wd4068 /wd4200 /wd4244 /wd4267 /wd4819")
+  # Possible loss of data (4267), Character may not be represented (4819), Deprecated (4996)
+  add_definitions("/wd4068 /wd4200 /wd4244 /wd4267 /wd4819 /wd4996")
 endif()
 
 if(PCAPPP_BUILD_COVERAGE)

Packet++/header/DhcpLayer.h

@@ -469,6 +469,29 @@ namespace pcpp
 			memcpy(m_Data->recordValue + valueOffset, stringValue.data(), len);
 		}
 
+		/**
+		 * Assign a pointer to the TLV record raw data (byte array)
+		 * @param[in] recordRawData A pointer to the TLV record raw data
+		 * @param[in] tlvDataLen The size of the TLV record raw data
+		 * @return True if data is valid and can be assigned
+		 */
+		static bool canAssign(const uint8_t* recordRawData, size_t tlvDataLen)
+		{
+			auto data = (TLVRawData*)recordRawData;
+			if (data == nullptr)
+				return false;
+
+			if (tlvDataLen < sizeof(TLVRawData::recordType))
+				return false;
+
+			if (data->recordType == (uint8_t)DHCPOPT_END || data->recordType == (uint8_t)DHCPOPT_PAD)
+				return true;
+
+			if (tlvDataLen < sizeof(TLVRawData::recordType) + sizeof(TLVRawData::recordLen))
+				return false;
+
+			return true;
+		}
 
 		// implement abstract methods
 

Packet++/header/IPv4Layer.h

@@ -313,12 +313,32 @@ namespace pcpp
 		 */
 		IPv4OptionTypes getIPv4OptionType() const
 		{
-			if (m_Data == nullptr)
-				return IPV4OPT_Unknown;
-
-			return (IPv4OptionTypes)m_Data->recordType;
+			return getIPv4OptionType(m_Data);
 		}
 
+		/**
+		 * Assign a pointer to the TLV record raw data (byte array)
+		 * @param[in] recordRawData A pointer to the TLV record raw data
+		 * @param[in] tlvDataLen The size of the TLV record raw data
+		 * @return True if data is valid and can be assigned
+		 */
+		static bool canAssign(const uint8_t* recordRawData, size_t tlvDataLen)
+		{
+			auto data = (TLVRawData*)recordRawData;
+			if (data == nullptr)
+				return false;
+
+			if (tlvDataLen < sizeof(TLVRawData::recordType))
+				return false;
+
+			if (getIPv4OptionType(data) == (uint8_t)IPV4OPT_EndOfOptionsList || data->recordType == (uint8_t)IPV4OPT_NOP)
+				return true;
+
+			if (tlvDataLen < sizeof(TLVRawData::recordType) + sizeof(TLVRawData::recordLen))
+				return false;
+
+			return true;
+		}
 
 		// implement abstract methods
 
@@ -343,6 +363,18 @@ namespace pcpp
 
 			return (size_t)m_Data->recordLen - (2*sizeof(uint8_t));
 		}
+
+	private:
+		/**
+		 * @return IPv4 option type casted as pcpp::IPv4OptionTypes enum
+		 */
+		static IPv4OptionTypes getIPv4OptionType(const TLVRawData* data)
+		{
+			if (data == nullptr)
+				return IPV4OPT_Unknown;
+
+			return (IPv4OptionTypes)data->recordType;
+		}
 	};
 
 

Packet++/header/IPv6Extensions.h

@@ -212,6 +212,30 @@ namespace pcpp
 			 */
 			~IPv6Option() { }
 
+			/**
+			 * Assign a pointer to the TLV record raw data (byte array)
+			 * @param[in] recordRawData A pointer to the TLV record raw data
+			 * @param[in] tlvDataLen The size of the TLV record raw data
+			 * @return True if data is valid and can be assigned
+			 */
+			static bool canAssign(const uint8_t* recordRawData, size_t tlvDataLen)
+			{
+				auto data = (TLVRawData*)recordRawData;
+				if (data == nullptr)
+					return false;
+
+				if (tlvDataLen < sizeof(TLVRawData::recordType))
+					return false;
+
+				if (data->recordType == Pad0OptionType)
+					return true;
+
+				if (tlvDataLen < sizeof(TLVRawData::recordType) + sizeof(TLVRawData::recordLen))
+					return false;
+
+				return true;
+			}
+
 			// implement abstract methods
 
 			size_t getTotalSize() const

Packet++/header/NflogLayer.h

@@ -117,6 +117,17 @@ namespace pcpp
 			m_Data = (NflogTLVRawData*)recordRawData;
 		}
 
+		/**
+		 * Assign a pointer to the TLV record raw data (byte array)
+		 * @param[in] recordRawData A pointer to the TLV record raw data
+		 * @param[in] tlvDataLen The size of the TLV record raw data
+		 * * @return True if data is valid and can be assigned
+		 */
+		static bool canAssign(const uint8_t* recordRawData, size_t tlvDataLen)
+		{
+			return recordRawData != nullptr && tlvDataLen >= sizeof(NflogTLVRawData::recordLen);
+		}
+
 		/**
 		 * @return True if the TLV record raw data is nullptr, false otherwise
 		 */

Packet++/header/TLVData.h

@@ -70,10 +70,18 @@ namespace pcpp
 		 */
 		void assign(uint8_t* recordRawData)
 		{
-			if(recordRawData == NULL)
-				m_Data = NULL;
-			else
-				m_Data = (TLVRawData*)recordRawData;
+			m_Data = (TLVRawData*)recordRawData;
+		}
+
+		/**
+		 * Assign a pointer to the TLV record raw data (byte array)
+		 * @param[in] recordRawData A pointer to the TLV record raw data
+		 * @param[in] tlvDataLen The size of the TLV record raw data
+		 * @return True if data is valid and can be assigned
+		 */
+		static bool canAssign(const uint8_t* recordRawData, size_t tlvDataLen)
+		{
+			return recordRawData != nullptr && tlvDataLen >= (sizeof(TLVRawData::recordType) + sizeof(TLVRawData::recordLen));
 		}
 
 		/**
@@ -155,7 +163,14 @@ namespace pcpp
 		/**
 		 * Free the memory of the TLV record raw data
 		 */
-		void purgeRecordData() { if (!isNull()) delete [] m_Data; }
+		void purgeRecordData()
+		{
+			if (!isNull())
+			{
+				delete [] m_Data;
+				m_Data = nullptr;
+			}
+		}
 
 		/**
 		 * A templated method to retrieve the record data as a certain type T. For example, if record data is 4B long
@@ -259,8 +274,11 @@ namespace pcpp
 		 */
 		TLVRecordType getFirstTLVRecord(uint8_t* tlvDataBasePtr, size_t tlvDataLen) const
 		{
-			TLVRecordType resRec(tlvDataBasePtr); // for NRVO optimization
+			TLVRecordType resRec(NULL); // for NRVO optimization
+			if (!TLVRecordType::canAssign(tlvDataBasePtr, tlvDataLen))
+				return resRec;
 
+			resRec.assign(tlvDataBasePtr);
 			// resRec pointer is out-bounds of the TLV records memory
 			if (resRec.getRecordBasePtr() + resRec.getTotalSize() > tlvDataBasePtr + tlvDataLen)
 				resRec.assign(NULL);
@@ -288,7 +306,11 @@ namespace pcpp
 			if (record.isNull())
 				return resRec;
 
+			if (!TLVRecordType::canAssign(record.getRecordBasePtr() + record.getTotalSize(), tlvDataBasePtr - record.getRecordBasePtr() + tlvDataLen - record.getTotalSize()))
+				return resRec;
+
 			resRec.assign(record.getRecordBasePtr() + record.getTotalSize());
+
 			if (resRec.getTotalSize() == 0)
 				resRec.assign(NULL);
 

Packet++/header/TcpLayer.h

@@ -222,6 +222,30 @@ namespace pcpp
 			return (TcpOptionType)m_Data->recordType;
 		}
 
+		/**
+		 * Assign a pointer to the TLV record raw data (byte array)
+		 * @param[in] recordRawData A pointer to the TLV record raw data
+		 * @param[in] tlvDataLen The size of the TLV record raw data
+		 * @return True if data is valid and can be assigned
+		 */
+		static bool canAssign(const uint8_t* recordRawData, size_t tlvDataLen)
+		{
+			auto data = (TLVRawData*)recordRawData;
+			if (data == nullptr)
+				return false;
+
+			if (tlvDataLen < sizeof(TLVRawData::recordType))
+				return false;
+
+			if (data->recordType == (uint8_t)PCPP_TCPOPT_NOP || data->recordType == (uint8_t)PCPP_TCPOPT_EOL)
+				return true;
+
+			if (tlvDataLen < sizeof(TLVRawData::recordType) + sizeof(TLVRawData::recordLen))
+				return false;
+
+			return true;
+		}
+
 		// implement abstract methods
 
 		size_t getTotalSize() const

Packet++/src/IPv6Extensions.cpp

@@ -110,7 +110,14 @@ IPv6TLVOptionHeader::IPv6Option IPv6TLVOptionHeader::IPv6TLVOptionBuilder::build
 	if (m_RecType != IPv6TLVOptionHeader::IPv6Option::Pad0OptionType)
 	{
 		recordBuffer[0] = recType;
+#if defined(__GNUC__) &&  __GNUC__ >= 10
+	#pragma GCC diagnostic push
+	#pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
 		recordBuffer[1] = static_cast<uint8_t>(m_RecValueLen);
+#if defined(__GNUC__) &&  __GNUC__ >= 10
+	#pragma GCC diagnostic pop
+#endif
 		if (m_RecValueLen > 0)
 			memcpy(recordBuffer+2, m_RecValue, m_RecValueLen);
 	}

Packet++/src/NflogLayer.cpp

@@ -88,7 +88,7 @@ size_t NflogLayer::getHeaderLen() const
 		headerLen += currentTLV.getTotalSize();
 		currentTLV = m_TlvReader.getNextTLVRecord(currentTLV, getTlvsBasePtr(), m_DataLen - sizeof(nflog_header));
 	}
-	if (currentTLV.getType() == static_cast<uint16_t> (NflogTlvType::NFULA_PAYLOAD))
+	if (!currentTLV.isNull() && currentTLV.getType() == static_cast<uint16_t> (NflogTlvType::NFULA_PAYLOAD))
 	{
 		// for the length and type of the payload TLV
 		headerLen += 2 * sizeof (uint16_t);