From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nhorman@tuxdriver.com>
Received: from smtp.tuxdriver.com (charlotte.tuxdriver.com [70.61.120.58])
 by dpdk.org (Postfix) with ESMTP id 65E02B4AA
 for <dev@dpdk.org>; Fri, 13 Feb 2015 14:49:44 +0100 (CET)
Received: from [67.210.173.2] (helo=localhost)
 by smtp.tuxdriver.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.63)
 (envelope-from <nhorman@tuxdriver.com>)
 id 1YMGcn-0002Fz-0G; Fri, 13 Feb 2015 08:49:43 -0500
Date: Fri, 13 Feb 2015 08:49:34 -0500
From: Neil Horman <nhorman@tuxdriver.com>
To: Cunming Liang <cunming.liang@intel.com>
Message-ID: <20150213134933.GA13495@neilslaptop.think-freely.org>
References: <1423728996-3004-1-git-send-email-cunming.liang@intel.com>
 <1423791501-1555-1-git-send-email-cunming.liang@intel.com>
 <1423791501-1555-5-git-send-email-cunming.liang@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1423791501-1555-5-git-send-email-cunming.liang@intel.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam-Score: -2.9 (--)
X-Spam-Status: No
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v6 04/19] eal: fix wrong strnlen() return
 value in 32bit icc
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2015 13:49:44 -0000

On Fri, Feb 13, 2015 at 09:38:06AM +0800, Cunming Liang wrote:
> The problem is that strnlen() here may return invalid value with 32bit icc.
> (actually it returns it’s second parameter,e.g: sysconf(_SC_ARG_MAX)).
> It starts to manifest hwen max_len parameter is > 2M and using icc –m32 –O2 (or above).
> 
> Suggested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Signed-off-by: Cunming Liang <cunming.liang@intel.com>
> ---
>  v5 changes:
>    using strlen instead of strnlen.
> 
>  lib/librte_eal/common/eal_common_options.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c
> index 178e303..9cf2faa 100644
> --- a/lib/librte_eal/common/eal_common_options.c
> +++ b/lib/librte_eal/common/eal_common_options.c
> @@ -167,7 +167,7 @@ eal_parse_coremask(const char *coremask)
>  	if (coremask[0] == '0' && ((coremask[1] == 'x')
>  		|| (coremask[1] == 'X')))
>  		coremask += 2;
> -	i = strnlen(coremask, PATH_MAX);
> +	i = strlen(coremask);
This is crash prone.  If coremask is passed in without a trailing null pointer,
strlen will return a huge value that can overrun the array.

This seems like a bug in icc, and should be fixed there.

Neil