From: "Dumitrescu, Cristian"
To: "Kobylinski, MichalX", "dev@dpdk.org"
Date: Thu, 28 Apr 2016 11:09:51 +0000
Message-ID: <3EB4FA525960D640B5BDFFD6A3D89126479A6F0C@IRSMSX108.ger.corp.intel.com>
References: <1461321661-30272-1-git-send-email-michalx.kobylinski@intel.com>
In-Reply-To: <1461321661-30272-1-git-send-email-michalx.kobylinski@intel.com>
Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow

> -----Original Message-----
> From: Kobylinski, MichalX
> Sent: Friday, April 22, 2016 11:41 AM
> To: Dumitrescu, Cristian ; dev@dpdk.org
> Cc: Kobylinski, MichalX
> Subject: [PATCH] cfgfile: fix integer overflow
>
> Fix issue reported by Coverity.
>
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
>
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
>
> Signed-off-by: Michal Kobylinski
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cf= gfile.c > index 75625a2..0a5a279 100644 > --- a/lib/librte_cfgfile/rte_cfgfile.c > +++ b/lib/librte_cfgfile/rte_cfgfile.c > @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags) > goto error1; > } > *end =3D '\0'; > - _strip(&buffer[1], end - &buffer[1]); > + _strip(&buffer[1], (unsigned)(end - &buffer[1])); >=20 > /* close off old section and add start new one */ > if (curr_section >=3D 0) > -- > 1.9.1

I don't understand the root issue here, can you please explain?

It looks to me that "end" is always going to point to a location bigger or equal to &buffer[1]. So the second parameter of _strip function is always going to be a positive number (0 included).
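
Review bot: the `(unsigned)` cast on `end - &buffer[1]` in the changed `_strip(...)` call does not constrain the value, it only changes how it is interpreted. If the pointer difference could ever be negative, the cast would turn it into a very large length handed to `_strip`, which is worse than the original; if it cannot be negative, the cast only hides the Coverity report and the commit message should say why the value is bounded. The visible context shows a `goto error1;` just before `*end = '\0';`, but the condition that guards it is outside the hunk, so the invariant cannot be confirmed from the patch alone. Suggest stating in the commit message which input reaches this call with an out-of-range difference, and, if such a path exists, rejecting it with an explicit check (for example `end < &buffer[1]`) before the call instead of casting. Note also that the pointer difference has type `ptrdiff_t`, so a cast to `unsigned` narrows it on 64-bit targets; a cast to the parameter type that `_strip` actually declares would be clearer.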