From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 49227A00C5; Thu, 30 Apr 2020 11:42:00 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 266F51DACA; Thu, 30 Apr 2020 11:42:00 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id BE1911DA5D; Thu, 30 Apr 2020 11:41:58 +0200 (CEST) IronPort-SDR: DbaGkVPq/AbXSSFieTPjR02ezz1Ute5GEaypi908AfJ1GqVu/EhbI/5TfAxfxRewmJ6nZc1Nlu 1j1iTBlcuGXw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Apr 2020 02:41:57 -0700 IronPort-SDR: eeB1ftlsDwpdPzUgIQDnvvc7bX9llDoK1M1Zd4F4zgwSOpilvfTnPkD0lw+jD/9Wjmm1mh7SG2 op2BaHxm1ypA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,334,1583222400"; d="scan'208";a="261719595" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga006.jf.intel.com with ESMTP; 30 Apr 2020 02:41:57 -0700 Received: from fmsmsx115.amr.corp.intel.com (10.18.116.19) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 30 Apr 2020 02:41:56 -0700 Received: from cdsmsx152.ccr.corp.intel.com (172.17.4.41) by fmsmsx115.amr.corp.intel.com (10.18.116.19) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 30 Apr 2020 02:41:56 -0700 Received: from cdsmsx102.ccr.corp.intel.com ([169.254.2.104]) by CDSMSX152.ccr.corp.intel.com ([169.254.6.50]) with mapi id 14.03.0439.000; Thu, 30 Apr 2020 17:41:52 +0800 From: "Huang, ZhiminX" To: Olivier Matz , "dev@dpdk.org" CC: "stable@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD Thread-Index: AQHWHiiSYwZxJEGguEO2pKVKFfb09qiRaqEg Date: Thu, 30 Apr 2020 09:41:51 +0000 Message-ID: <1DCDE90B92229844B9E6C0E67C1C8D6B046A1754@CDSMSX102.ccr.corp.intel.com> References: <20200429131700.25294-1-olivier.matz@6wind.com> In-Reply-To: <20200429131700.25294-1-olivier.matz@6wind.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.17.6.105] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Tested-by:=A0Huang, ZhiminX Regards, HuangZhiMin -----Original Message----- From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Olivier Matz Sent: Wednesday, April 29, 2020 9:17 PM To: dev@dpdk.org Cc: stable@dpdk.org Subject: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token= on FreeBSD The behavior of strtok_r() is not the same between GNU libc and FreeBSD libc: in the first case, the context is set to "" when the last token is re= turned, while in the second case it is set to NULL. On FreeBSD, the current code crashes because we are dereferencing a NULL po= inter (ctx1). Fix it by first checking if it is NULL. This works with both = GNU and FreeBSD libc. Fixes: ffcf831454a9 ("kvargs: fix buffer overflow when parsing list") Cc: stable@dpdk.org Signed-off-by: Olivier Matz --- lib/librte_kvargs/rte_kvargs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/librte_kvargs/rte_kvargs.c b/lib/librte_kvargs/rte_kvargs.= c index 1d815dcd9..285081c86 100644 --- a/lib/librte_kvargs/rte_kvargs.c +++ b/lib/librte_kvargs/rte_kvargs.c @@ -50,7 +50,7 @@ rte_kvargs_tokenize(struct rte_kvargs *kvlist, const char= *params) /* Find the end of the list. */ while (str[strlen(str) - 1] !=3D ']') { /* Restore the comma erased by strtok_r(). */ - if (ctx1[0] =3D=3D '\0') + if (ctx1 =3D=3D NULL || ctx1[0] =3D=3D '\0') return -1; /* no closing bracket */ str[strlen(str)] =3D ','; /* Parse until next comma. */ -- 2.25.1