From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jacekx.piasecki@intel.com>
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by dpdk.org (Postfix) with ESMTP id 13BD71B6F4;
 Thu, 26 Oct 2017 08:29:51 +0200 (CEST)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 25 Oct 2017 23:29:45 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.43,434,1503385200"; d="scan'208";a="1210252089"
Received: from gklab-246-073.igk.intel.com (HELO Sent) ([10.217.246.73])
 by fmsmga001.fm.intel.com with SMTP; 25 Oct 2017 23:29:40 -0700
Received: by Sent (sSMTP sendmail emulation); Thu, 26 Oct 2017 08:24:07 +0200
From: Jacek Piasecki <jacekx.piasecki@intel.com>
To: cristian.dumitrescu@intel.com
Cc: dev@dpdk.org, Jacek Piasecki <jacekx.piasecki@intel.com>, stable@dpdk.org
Date: Thu, 26 Oct 2017 08:24:06 +0200
Message-Id: <1508999046-5012-1-git-send-email-jacekx.piasecki@intel.com>
X-Mailer: git-send-email 2.7.4
Subject: [dpdk-dev] [PATCH] cfgfile: fix NULL pointer dereference
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Oct 2017 06:29:52 -0000

Function memchr() could return NULL and assign it to split[1] pointer.
Additional check and error handing is made after memchr() call.

Coverity issue: 195004
Fixes: a6a47ac9c2c9 ("cfgfile: rework load function")
Cc: jacekx.piasecki@intel.com
Cc: stable@dpdk.org

Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
---
 lib/librte_cfgfile/rte_cfgfile.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 124aef5..80077b6 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -241,6 +241,11 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
 
 			split[0] = buffer;
 			split[1] = memchr(buffer, '=', len);
+			if (split[1] == NULL) {
+				printf("Error line %d - no '='"
+					"character found\n", lineno);
+				goto error1;
+			}
 			*split[1] = '\0';
 			split[1]++;
 
@@ -268,7 +273,7 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
 				goto error1;
 
 			_add_entry(&cfg->sections[cfg->num_sections - 1],
-					split[0], (split[1] ? split[1] : ""));
+					split[0], split[1]);
 		}
 	}
 	fclose(f);
-- 
2.7.4