From: "Burakov, Anatoly" <anatoly.burakov@intel.com>
To: "Tan, Jianfeng" <jianfeng.tan@intel.com>, dev@dpdk.org
Cc: thomas@monjalon.net
Subject: Re: [dpdk-dev] [PATCH 5/5] malloc: fix potential negative return
Date: Wed, 25 Apr 2018 09:50:32 +0100 [thread overview]
Message-ID: <a1d18e2e-c989-592f-be94-5c27ccebfbe3@intel.com> (raw)
In-Reply-To: <a9087849-4a60-2490-6d5c-983795955523@intel.com>
On 25-Apr-18 9:24 AM, Tan, Jianfeng wrote:
>
>
> On 4/17/2018 11:48 PM, Anatoly Burakov wrote:
>> Return value from rte_socket_id_by_idx() may be negative, which would
>> result in negative index access.
>>
>> Additionally, return value was of mismatched type (function returns
>> signed int, socket id was unsigned).
>>
>> Coverity issue: 272571
>> Coverity issue: 272597
>>
>> Fixes: 30bc6bf0d516 ("malloc: add function to dump heap contents")
>> Cc: anatoly.burakov@intel.com
>>
>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>> ---
>> lib/librte_eal/common/rte_malloc.c | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/librte_eal/common/rte_malloc.c
>> b/lib/librte_eal/common/rte_malloc.c
>> index b51a6d1..f207ba2 100644
>> --- a/lib/librte_eal/common/rte_malloc.c
>> +++ b/lib/librte_eal/common/rte_malloc.c
>> @@ -169,7 +169,11 @@ rte_malloc_dump_heaps(FILE *f)
>> unsigned int idx;
>> for (idx = 0; idx < rte_socket_count(); idx++) {
>> - unsigned int socket = rte_socket_id_by_idx(idx);
>> + int socket = rte_socket_id_by_idx(idx);
>> + if (socket < 0) {
>> + RTE_LOG(ERR, EAL, "Invalid socket index: %u\n", idx);
>> + continue;
>> + }
>
> For such check (and many others), we are clear that idx is guaranteed by
> rte_socket_count(), so rte_socket_id_by_idx() can never return -1. So
> why not just reporting this as false-positive?
Well, technically, if someone were to corrupt rte_config, it would
introduce a possibility of a negative return. However, i guess, at that
point we've got bigger problems, so perhaps you're right and i should
drop these fixes.
>
> Thanks,
> Jianfeng
>
>> fprintf(f, "Heap on socket %i:\n", socket);
>> malloc_heap_dump(&mcfg->malloc_heaps[socket], f);
>> }
>
>
--
Thanks,
Anatoly
next prev parent reply other threads:[~2018-04-25 8:50 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-17 15:48 [dpdk-dev] [PATCH 0/5] Coverity fixes for malloc Anatoly Burakov
2018-04-17 15:48 ` [dpdk-dev] [PATCH 1/5] malloc: replace snprintf with strlcpy Anatoly Burakov
2018-04-17 15:48 ` [dpdk-dev] [PATCH 2/5] malloc: fix potential out-of-bounds array access Anatoly Burakov
2018-04-17 15:48 ` [dpdk-dev] [PATCH 3/5] malloc: fix potential negative return Anatoly Burakov
2018-04-17 15:48 ` [dpdk-dev] [PATCH 4/5] malloc: fix potential dereferencing of NULL pointer Anatoly Burakov
2018-04-17 15:48 ` [dpdk-dev] [PATCH 5/5] malloc: fix potential negative return Anatoly Burakov
2018-04-25 8:24 ` Tan, Jianfeng
2018-04-25 8:50 ` Burakov, Anatoly [this message]
2018-04-25 10:15 ` [dpdk-dev] [PATCH v2 0/3] Coverity fixes for malloc Anatoly Burakov
2018-04-27 21:33 ` Thomas Monjalon
2018-04-25 10:15 ` [dpdk-dev] [PATCH v2 1/3] malloc: replace snprintf with strlcpy Anatoly Burakov
2018-04-27 15:57 ` Van Haaren, Harry
2018-04-25 10:15 ` [dpdk-dev] [PATCH v2 2/3] malloc: fix potential out-of-bounds array access Anatoly Burakov
2018-04-27 15:57 ` Van Haaren, Harry
2018-04-25 10:15 ` [dpdk-dev] [PATCH v2 3/3] malloc: fix potential dereferencing of NULL pointer Anatoly Burakov
2018-04-27 15:57 ` Van Haaren, Harry
2018-04-27 16:02 ` Burakov, Anatoly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a1d18e2e-c989-592f-be94-5c27ccebfbe3@intel.com \
--to=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
--cc=jianfeng.tan@intel.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).