From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 13BD71B6F4; Thu, 26 Oct 2017 08:29:51 +0200 (CEST) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Oct 2017 23:29:45 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,434,1503385200"; d="scan'208";a="1210252089" Received: from gklab-246-073.igk.intel.com (HELO Sent) ([10.217.246.73]) by fmsmga001.fm.intel.com with SMTP; 25 Oct 2017 23:29:40 -0700 Received: by Sent (sSMTP sendmail emulation); Thu, 26 Oct 2017 08:24:07 +0200 From: Jacek Piasecki To: cristian.dumitrescu@intel.com Cc: dev@dpdk.org, Jacek Piasecki , stable@dpdk.org Date: Thu, 26 Oct 2017 08:24:06 +0200 Message-Id: <1508999046-5012-1-git-send-email-jacekx.piasecki@intel.com> X-Mailer: git-send-email 2.7.4 Subject: [dpdk-dev] [PATCH] cfgfile: fix NULL pointer dereference X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Oct 2017 06:29:52 -0000 Function memchr() could return NULL and assign it to split[1] pointer. Additional check and error handing is made after memchr() call. Coverity issue: 195004 Fixes: a6a47ac9c2c9 ("cfgfile: rework load function") Cc: jacekx.piasecki@intel.com Cc: stable@dpdk.org Signed-off-by: Jacek Piasecki --- lib/librte_cfgfile/rte_cfgfile.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c index 124aef5..80077b6 100644 --- a/lib/librte_cfgfile/rte_cfgfile.c +++ b/lib/librte_cfgfile/rte_cfgfile.c @@ -241,6 +241,11 @@ rte_cfgfile_load_with_params(const char *filename, int flags, split[0] = buffer; split[1] = memchr(buffer, '=', len); + if (split[1] == NULL) { + printf("Error line %d - no '='" + "character found\n", lineno); + goto error1; + } *split[1] = '\0'; split[1]++; @@ -268,7 +273,7 @@ rte_cfgfile_load_with_params(const char *filename, int flags, goto error1; _add_entry(&cfg->sections[cfg->num_sections - 1], - split[0], (split[1] ? split[1] : "")); + split[0], split[1]); } } fclose(f); -- 2.7.4