* [dpdk-dev] [PATCH] cfgfile: fix integer overflow
@ 2016-04-22 10:41 Michal Kobylinski
2016-04-22 16:23 ` Stephen Hemminger
2016-04-28 11:09 ` Dumitrescu, Cristian
0 siblings, 2 replies; 6+ messages in thread
From: Michal Kobylinski @ 2016-04-22 10:41 UTC (permalink / raw)
To: cristian.dumitrescu, dev; +Cc: Michal Kobylinski
Fix issue reported by Coverity.
Coverity ID 13289: Integer overflowed argument: The argument will be too
small or even negative, likely resulting in unexpected behavior (for
example, under-allocation in a memory allocation function).
In rte_cfgfile_load: An integer overflow occurs, with the overflowed
value used as an argument to a function
Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
---
lib/librte_cfgfile/rte_cfgfile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 75625a2..0a5a279 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
goto error1;
}
*end = '\0';
- _strip(&buffer[1], end - &buffer[1]);
+ _strip(&buffer[1], (unsigned)(end - &buffer[1]));
/* close off old section and add start new one */
if (curr_section >= 0)
--
1.9.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
2016-04-22 10:41 [dpdk-dev] [PATCH] cfgfile: fix integer overflow Michal Kobylinski
@ 2016-04-22 16:23 ` Stephen Hemminger
2016-04-28 11:09 ` Dumitrescu, Cristian
1 sibling, 0 replies; 6+ messages in thread
From: Stephen Hemminger @ 2016-04-22 16:23 UTC (permalink / raw)
To: Michal Kobylinski; +Cc: cristian.dumitrescu, dev
On Fri, 22 Apr 2016 12:41:01 +0200
Michal Kobylinski <michalx.kobylinski@intel.com> wrote:
> Fix issue reported by Coverity.
>
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
>
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
>
> Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
> index 75625a2..0a5a279 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
> goto error1;
> }
> *end = '\0';
> - _strip(&buffer[1], end - &buffer[1]);
> + _strip(&buffer[1], (unsigned)(end - &buffer[1]));
>
The cast doesn't actually fix any potential bug. It just causes the
function to get an signed overflow value.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
2016-04-22 10:41 [dpdk-dev] [PATCH] cfgfile: fix integer overflow Michal Kobylinski
2016-04-22 16:23 ` Stephen Hemminger
@ 2016-04-28 11:09 ` Dumitrescu, Cristian
2016-05-16 10:05 ` Thomas Monjalon
1 sibling, 1 reply; 6+ messages in thread
From: Dumitrescu, Cristian @ 2016-04-28 11:09 UTC (permalink / raw)
To: Kobylinski, MichalX, dev
> -----Original Message-----
> From: Kobylinski, MichalX
> Sent: Friday, April 22, 2016 11:41 AM
> To: Dumitrescu, Cristian <cristian.dumitrescu@intel.com>; dev@dpdk.org
> Cc: Kobylinski, MichalX <michalx.kobylinski@intel.com>
> Subject: [PATCH] cfgfile: fix integer overflow
>
> Fix issue reported by Coverity.
>
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
>
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
>
> Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
> index 75625a2..0a5a279 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
> goto error1;
> }
> *end = '\0';
> - _strip(&buffer[1], end - &buffer[1]);
> + _strip(&buffer[1], (unsigned)(end - &buffer[1]));
>
> /* close off old section and add start new one */
> if (curr_section >= 0)
> --
> 1.9.1
I don't understand the root issue here, can you please explain?
It looks to me that "end" is always going to point to a location bigger or equal to &buffer[1]. So the second parameter of _strip function is always going to be a positive number (0 included).
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
2016-04-28 11:09 ` Dumitrescu, Cristian
@ 2016-05-16 10:05 ` Thomas Monjalon
2016-05-16 12:50 ` Kobylinski, MichalX
0 siblings, 1 reply; 6+ messages in thread
From: Thomas Monjalon @ 2016-05-16 10:05 UTC (permalink / raw)
To: Kobylinski, MichalX; +Cc: dev, Dumitrescu, Cristian
2016-04-28 11:09, Dumitrescu, Cristian:
> From: Kobylinski, MichalX
> > Fix issue reported by Coverity.
> >
> > Coverity ID 13289: Integer overflowed argument: The argument will be too
> > small or even negative, likely resulting in unexpected behavior (for
> > example, under-allocation in a memory allocation function).
> > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > value used as an argument to a function
> >
> > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> >
> > Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
>
> I don't understand the root issue here, can you please explain?
>
> It looks to me that "end" is always going to point to a location bigger or equal to &buffer[1]. So the second parameter of _strip function is always going to be a positive number (0 included).
Michal, any answer please?
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
2016-05-16 10:05 ` Thomas Monjalon
@ 2016-05-16 12:50 ` Kobylinski, MichalX
2016-05-16 12:58 ` Mcnamara, John
0 siblings, 1 reply; 6+ messages in thread
From: Kobylinski, MichalX @ 2016-05-16 12:50 UTC (permalink / raw)
To: Thomas Monjalon; +Cc: dev, Dumitrescu, Cristian
> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas.monjalon@6wind.com]
> Sent: Monday, May 16, 2016 12:06 PM
> To: Kobylinski, MichalX <michalx.kobylinski@intel.com>
> Cc: dev@dpdk.org; Dumitrescu, Cristian <cristian.dumitrescu@intel.com>
> Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
> Importance: High
>
> 2016-04-28 11:09, Dumitrescu, Cristian:
> > From: Kobylinski, MichalX
> > > Fix issue reported by Coverity.
> > >
> > > Coverity ID 13289: Integer overflowed argument: The argument will be
> > > too small or even negative, likely resulting in unexpected behavior
> > > (for example, under-allocation in a memory allocation function).
> > > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > > value used as an argument to a function
> > >
> > > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> > >
> > > Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> >
> > I don't understand the root issue here, can you please explain?
> >
> > It looks to me that "end" is always going to point to a location bigger or
> equal to &buffer[1]. So the second parameter of _strip function is always
> going to be a positive number (0 included).
>
> Michal, any answer please?
Hi Thomas, Cristian
Coverity show that there is overflowed value.
But the second parameter will never be greater than 254 (its range is 0 - 254).
I used cast this parameter to unsigned in order that resolved bug reported by static analysis.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
2016-05-16 12:50 ` Kobylinski, MichalX
@ 2016-05-16 12:58 ` Mcnamara, John
0 siblings, 0 replies; 6+ messages in thread
From: Mcnamara, John @ 2016-05-16 12:58 UTC (permalink / raw)
To: Kobylinski, MichalX, Thomas Monjalon; +Cc: dev, Dumitrescu, Cristian
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Kobylinski, MichalX
> Sent: Monday, May 16, 2016 1:51 PM
> To: Thomas Monjalon <thomas.monjalon@6wind.com>
> Cc: dev@dpdk.org; Dumitrescu, Cristian <cristian.dumitrescu@intel.com>
> Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
> ...
> Coverity show that there is overflowed value.
> But the second parameter will never be greater than 254 (its range is 0 -
> 254).
> I used cast this parameter to unsigned in order that resolved bug reported
> by static analysis.
Hi,
If the error cannot happen in a real application then you can mark the defect
as a false positive in Coverity. Add some of the information provided above as
to why it is a false positive to the comments section of the defect or add a
link to the patchwork discussion.
John
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-05-16 12:58 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-22 10:41 [dpdk-dev] [PATCH] cfgfile: fix integer overflow Michal Kobylinski
2016-04-22 16:23 ` Stephen Hemminger
2016-04-28 11:09 ` Dumitrescu, Cristian
2016-05-16 10:05 ` Thomas Monjalon
2016-05-16 12:50 ` Kobylinski, MichalX
2016-05-16 12:58 ` Mcnamara, John
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).