Skip to content

Add defensive coding fixes to prevent index out of range errors #582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
harp-intel merged 6 commits into from
Dec 11, 2025
Merged

Add defensive coding fixes to prevent index out of range errors #582

harp-intel merged 6 commits into from
Dec 11, 2025

Conversation

@harp-intel
Copy link
Contributor

@harp-intel harp-intel commented Dec 10, 2025

Summary

This PR adds defensive bounds checking in several locations within cmd/report where array/slice indexing could potentially cause panics. These fixes address reported "index out of range" errors by adding proper validation before accessing array/slice elements.

Changes

1. report.go:520 - Reference data lookup

  • Issue: Accessed .Values[0] without checking if Values slice has elements
  • Fix: Added bounds check before accessing field values for microarchitecture and socket count

2. report.go:386 - Memory benchmark table access

  • Issue: Called getTableValues() twice, potentially accessing different data
  • Fix: Use cached memLatTableValues variable for consistency

3. dimm.go:628 - 2D array access

  • Issue: Checked outer array length but not inner array dimensions
  • Fix: Added check that dimms[0] has sufficient elements before accessing BankLocatorIdx and LocatorIdx

4. report_tables.go:2036 - DIMM table renderer

  • Issue: Accessed multiple field .Values[0] without bounds checking
  • Fix: Added comprehensive checks for field count and Values slice lengths

5. report_tables.go:1222-1224 - String split access

  • Issue: Directly accessed split result without storing/checking
  • Fix: Store split results in variables and verify length before accessing

6. system.go:105 - Filesystem fields parsing

  • Issue: Accessed fields[len(fields)-2] without length validation
  • Fix: Added check that len(fields) >= 2 before accessing

7. system.go:129 - Mount options parsing

  • Issue: Accessed regex match and fields array without bounds checking
  • Fix: Added bounds checks for both match results and fields slice

Testing

  • ✅ Code compiles successfully: go build ./cmd/report/...
  • ✅ No test regressions (no test files in cmd/report)
  • ✅ All changes maintain existing error handling behavior

Impact

These defensive coding improvements will prevent panics when processing:

  • Malformed or unexpected input data
  • Edge cases with empty or incomplete data structures
  • Systems with unusual hardware configurations

The changes are backward compatible and maintain the existing error handling patterns while making the code more robust.

Review Notes

This PR is marked as draft for initial review. All fixes follow the same defensive coding pattern: check bounds before accessing array/slice elements. No functional behavior changes, only added safety checks.

harp-intel and others added 6 commits December 10, 2025 10:23
@harp-intel @claude
Add defensive coding fixes to prevent index out of range errors
e412456 
This commit adds bounds checking in several locations where array/slice
indexing could potentially cause panics:

1. report.go:520 - Add check that Values slices have elements before
   accessing [0] when looking up reference data

2. report.go:386 - Use cached memLatTableValues instead of calling
   getTableValues twice, ensuring consistency

3. dimm.go:628 - Add check that dimms[0] has sufficient elements before
   accessing BankLocatorIdx and LocatorIdx

4. report_tables.go:2036 - Add bounds checks before accessing
   DerivedSocketIdx, DerivedChannelIdx, and DerivedSlotIdx Values[0]

5. report_tables.go:1222-1224 - Store Split results and check length
   before accessing [0] to make code more defensive

6. system.go:105 - Add length check before accessing fields[len-2]
   to prevent panic on short slices

7. system.go:129 - Add bounds checks for both regex match results
   and fields slice before accessing indices

These changes prevent potential panics when processing unexpected
or malformed data while maintaining the existing error handling behavior.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@harp-intel @claude
Add defensive coding fixes to internal/common
0bffecc 
This commit adds defensive bounds checking in internal/common to prevent
index out of range errors when processing system data:

### nic.go fixes:
1. Line 117 - Check bounds before accessing Split result when parsing
   model names with parentheses
2. Line 182 - Validate deviceFunc slice has elements before accessing [0]
   when building card identifiers from PCI addresses

### power.go fixes:
3. Lines 40, 60, 88 - Add bounds checks before accessing Split result [1]
   when parsing EPP-related MSR values from colon-separated output
4. Line 127 - Consolidate bounds checks for fieldValues array access
5. Lines 212, 220 - Add bounds checks before accessing row indices when
   interpreting ELC mode values

These changes prevent panics when:
- NIC model names have unexpected formats
- PCI addresses are malformed
- MSR register output has unexpected format
- CSV data from ELC scripts has missing columns

All changes maintain existing error handling behavior while making
the code more robust against unexpected input formats.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@harp-intel
unnecessary parens
a8de568 
Signed-off-by: Harper, Jason M <jason.m.harper@intel.com>
@harp-intel
formatting
d828b65 
Signed-off-by: Harper, Jason M <jason.m.harper@intel.com>
@harp-intel
remove unnecessary len check
a8de737 
Signed-off-by: Harper, Jason M <jason.m.harper@intel.com>
@harp-intel @claude
Add defensive coding fixes to internal/report
0fc480e 
This commit adds defensive bounds checking in internal/report rendering
functions to prevent index out of range errors when processing table data:

### render_excel.go fixes:
1. Line 72 - Add check that targetTableValues has elements before accessing
   [0] in renderXlsxTableMultiTarget
2. Line 208 - Check each field's Values length instead of assuming all
   fields have same structure as Fields[0]

### render_html.go fixes:
3. Line 306 - Add check that allTargetsTableValues has elements before
   accessing [0] in createHtmlReportMultiTarget
4. Line 599 - Add bounds check before accessing field.Values[0] when
   rendering non-row tables
5. Line 614 - Add check that tableValues has elements before accessing [0]
   in RenderMultiTargetTableValuesAsHTML

These changes prevent panics when:
- Rendering reports with empty target lists
- Processing tables where fields have varying numbers of values
- Generating multi-target HTML reports with no data

All changes maintain existing rendering behavior while making the code
more robust against edge cases with missing or incomplete data.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@harp-intel harp-intel marked this pull request as ready for review December 11, 2025 04:41
@harp-intel harp-intel merged commit 9346496 into main Dec 11, 2025
5 checks passed
@harp-intel harp-intel deleted the defensive-coding-fixes branch December 11, 2025 04:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@harp-intel