From: Stephen Hemminger <stephen@networkplumber.org>
Sent: Wednesday, October 23, 2024 9:46 PM
To: Hanumanth Reddy Pothula <hpothula@marvell.com>
Cc: Jerin Jacob <jerinj@marvell.com>; dev@dpdk.org; Harman Kalra <hkalra@marvell.com>
Subject: [EXTERNAL] Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow

On Wed, 23 Oct 2024 12: 45: 46 +0530 Hanumanth Pothula <hpothula@ marvell. com> wrote: > static int > -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque) > +ssovf_parsekv(const char *key, const char *value,


On Wed, 23 Oct 2024 12:45:46 +0530

Hanumanth Pothula <hpothula@marvell.com<mailto:hpothula@marvell.com>> wrote:



>  static int

> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)

> +ssovf_parsekv(const char *key, const char *value, void *opaque)

>  {

> -         int *flag = opaque;

> -         *flag = !!atoi(value);

> +        uint8_t *flag = opaque;

> +        uint64_t v;

> +        char *end;

> +

> +        errno = 0;

> +        v = (uint8_t)strtoul(value, &end, 0);



Cast will cause truncation of large values.



Maybe:

              v = strtoul(value, &end, 0);

              if (errno != 0 || value == end || *end != '\0' || v > UINT8_MAX) {

...



Thanks for the review/comment.
Here, the value can only be ‘0’ or ‘1’, so truncation won’t be an issue.





> +        if ((errno != 0) || (value == end) || *end != '\0') {

> +                       ssovf_log_err("invalid %s value %s", key, value);

> +                       return -EINVAL;

> +        }

> +

> +        *flag = !!v;

>           return 0;

>  }