[dpdk-dev] [PATCH] examples: fix CID 30708 out-of-bounds read

[dpdk-dev] [PATCH] examples: fix CID 30708 out-of-bounds read

[Slawomir Mrozowicz]

It fix coverity issue:
CID 30708 (#1 of 1): Out-of-bounds read (OVERRUN)
12. overrun-local: Overrunning array tokens of 8 8-byte elements
at element index 4294967294 (byte offset 34359738352)
using index i (which evaluates to 4294967294).

Fixes: de3cfa2c9823 ("sched: initial import")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
---
 examples/qos_sched/args.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/qos_sched/args.c b/examples/qos_sched/args.c
index 3e7fd08..d819269 100644
--- a/examples/qos_sched/args.c
+++ b/examples/qos_sched/args.c
@@ -175,9 +175,11 @@ app_parse_opt_vals(const char *conf_str, char separator, uint32_t n_vals, uint32
 
 	n_tokens = rte_strsplit(string, strnlen(string, 32), tokens, n_vals, separator);
 
-	for(i = 0; i < n_tokens; i++) {
+	if (n_tokens > MAX_OPT_VALUES)
+		return -1;
+
+	for (i = 0; i < n_tokens; i++)
 		opt_vals[i] = (uint32_t)atol(tokens[i]);
-	}
 
 	free(string);
 
-- 
1.9.1

--------------------------------------------------------------------

Intel Technology Poland sp. z o.o.
ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydzial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-316 | Kapital zakladowy 200.000 PLN.

Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wiadomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiekolwiek
przegladanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by
others is strictly prohibited.

Re: [dpdk-dev] [PATCH] examples: fix CID 30708 out-of-bounds read

[Dumitrescu, Cristian]

> -----Original Message-----
> From: Mrozowicz, SlawomirX
> Sent: Thursday, April 14, 2016 10:53 AM
> To: Dumitrescu, Cristian <cristian.dumitrescu@intel.com>
> Cc: dev@dpdk.org; Mrozowicz, SlawomirX
> <slawomirx.mrozowicz@intel.com>
> Subject: [PATCH] examples: fix CID 30708 out-of-bounds read
> 
> It fix coverity issue:
> CID 30708 (#1 of 1): Out-of-bounds read (OVERRUN)
> 12. overrun-local: Overrunning array tokens of 8 8-byte elements
> at element index 4294967294 (byte offset 34359738352)
> using index i (which evaluates to 4294967294).
> 
> Fixes: de3cfa2c9823 ("sched: initial import")
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---
>  examples/qos_sched/args.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/examples/qos_sched/args.c b/examples/qos_sched/args.c
> index 3e7fd08..d819269 100644
> --- a/examples/qos_sched/args.c
> +++ b/examples/qos_sched/args.c
> @@ -175,9 +175,11 @@ app_parse_opt_vals(const char *conf_str, char
> separator, uint32_t n_vals, uint32
> 
>  	n_tokens = rte_strsplit(string, strnlen(string, 32), tokens, n_vals,
> separator);
> 
> -	for(i = 0; i < n_tokens; i++) {
> +	if (n_tokens > MAX_OPT_VALUES)
> +		return -1;
> +
> +	for (i = 0; i < n_tokens; i++)
>  		opt_vals[i] = (uint32_t)atol(tokens[i]);
> -	}
> 
>  	free(string);
> 
> --
> 1.9.1

Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>