From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id EC0772C4B for ; Fri, 22 Apr 2016 13:11:46 +0200 (CEST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP; 22 Apr 2016 04:11:47 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,516,1455004800"; d="scan'208";a="964218220" Received: from gklab-246-020.igk.intel.com (HELO Sent) ([10.217.246.20]) by fmsmga002.fm.intel.com with SMTP; 22 Apr 2016 04:11:44 -0700 Received: by Sent (sSMTP sendmail emulation); Fri, 22 Apr 2016 12:41:03 +0200 From: Michal Kobylinski To: cristian.dumitrescu@intel.com, dev@dpdk.org Cc: Michal Kobylinski Date: Fri, 22 Apr 2016 12:41:01 +0200 Message-Id: <1461321661-30272-1-git-send-email-michalx.kobylinski@intel.com> X-Mailer: git-send-email 1.9.1 Subject: [dpdk-dev] [PATCH] cfgfile: fix integer overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2016 11:11:47 -0000 Fix issue reported by Coverity. Coverity ID 13289: Integer overflowed argument: The argument will be too small or even negative, likely resulting in unexpected behavior (for example, under-allocation in a memory allocation function). In rte_cfgfile_load: An integer overflow occurs, with the overflowed value used as an argument to a function Fixes: eaafbad419bf ("cfgfile: library to interpret config files") Signed-off-by: Michal Kobylinski --- lib/librte_cfgfile/rte_cfgfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c index 75625a2..0a5a279 100644 --- a/lib/librte_cfgfile/rte_cfgfile.c +++ b/lib/librte_cfgfile/rte_cfgfile.c @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags) goto error1; } *end = '\0'; - _strip(&buffer[1], end - &buffer[1]); + _strip(&buffer[1], (unsigned)(end - &buffer[1])); /* close off old section and add start new one */ if (curr_section >= 0) -- 1.9.1