From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stephen@networkplumber.org>
Received: from mail-pa0-f43.google.com (mail-pa0-f43.google.com
 [209.85.220.43]) by dpdk.org (Postfix) with ESMTP id 152DC91DC
 for <dev@dpdk.org>; Mon, 31 Aug 2015 18:44:48 +0200 (CEST)
Received: by pabpg12 with SMTP id pg12so12057992pab.3
 for <dev@dpdk.org>; Mon, 31 Aug 2015 09:44:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
 :references:mime-version:content-type:content-transfer-encoding;
 bh=RbyQonWZRXjtku3LisOmfwUtjhMaSHoios3bkvCc4gs=;
 b=hqw+0n1EIgJEf2+ms5/Z00gM0P8aHiiryFHoJ6oneYAfFtF6t112Yo9VuEbYn41rww
 z5PdxDobjXeBXwZkA0hdAcVXWIEIRsWXARdMd8/FRDp21c4gz86pGPPAyaxeQYam/Mm7
 8DJ285PjKJ+RQdDf2SRPB5uEWULYeFeWIqQJJYw0RR4800W+s1XBXOhqQyus30c1rjxu
 x47PcArq+sR3dMWyVNvymH2aU2JSpVqtf4tEEPmvIWxW4DQ6b274PAqw4/zLtUxj/xIv
 umHkI7uqTexIki512QIDPuXQgWZFEjJ/Vp6RroH+WlUaKGc5WDFu+flAJB4ihwb2YdMG
 +GHw==
X-Gm-Message-State: ALoCoQmDBPnSunINdHGkMF4H56ojLXzClRd+jH2W9C9GZnlAdlUZILGYS8DoChE9Yu61HfpR27Yo
X-Received: by 10.68.133.167 with SMTP id pd7mr37639662pbb.23.1441039487260;
 Mon, 31 Aug 2015 09:44:47 -0700 (PDT)
Received: from urahara (static-50-53-82-155.bvtn.or.frontiernet.net.
 [50.53.82.155])
 by smtp.gmail.com with ESMTPSA id eg2sm15338147pad.44.2015.08.31.09.44.46
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 31 Aug 2015 09:44:46 -0700 (PDT)
Date: Mon, 31 Aug 2015 09:44:56 -0700
From: Stephen Hemminger <stephen@networkplumber.org>
To: "Ouyang, Changchun" <changchun.ouyang@intel.com>
Message-ID: <20150831094456.739b2f65@urahara>
In-Reply-To: <F52918179C57134FAEC9EA62FA2F962511CEC6A8@shsmsx102.ccr.corp.intel.com>
References: <1440779019-10793-1-git-send-email-stephen@networkplumber.org>
 <1440779019-10793-3-git-send-email-stephen@networkplumber.org>
 <F52918179C57134FAEC9EA62FA2F962511CEC6A8@shsmsx102.ccr.corp.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 2/3] virtio: fix Coverity unsigned warnings
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2015 16:44:48 -0000

On Mon, 31 Aug 2015 01:38:44 +0000
"Ouyang, Changchun" <changchun.ouyang@intel.com> wrote:

> Hi Stephen,
> 
> > -----Original Message-----
> > From: Stephen Hemminger [mailto:stephen@networkplumber.org]
> > Sent: Saturday, August 29, 2015 12:24 AM
> > To: Xie, Huawei; Ouyang, Changchun
> > Cc: dev@dpdk.org; Stephen Hemminger
> > Subject: [PATCH 2/3] virtio: fix Coverity unsigned warnings
> > 
> > There are some places in virtio driver where uint16_t or int are used where it
> > would be safer to use unsigned.  
> 
> Why will it be safer?

Integer to unsigned conversion risks bugs about sign extension and wrap around.
There is a whole class of security related bug possiblities caused by just this
kind of thing. In this case the code is hidden behind layers which make
it unlikely to be exploitable, but as a general policy it is best not to use
signed types unless absolutely necessary.

That is why tools like Coverity are so picky about this.