From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cristian.dumitrescu@intel.com>
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by dpdk.org (Postfix) with ESMTP id 9B5CF47D1
 for <dev@dpdk.org>; Thu, 28 Apr 2016 12:59:23 +0200 (CEST)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga101.fm.intel.com with ESMTP; 28 Apr 2016 03:59:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.24,546,1455004800"; d="scan'208";a="794174863"
Received: from irsmsx104.ger.corp.intel.com ([163.33.3.159])
 by orsmga003.jf.intel.com with ESMTP; 28 Apr 2016 03:59:21 -0700
Received: from irsmsx111.ger.corp.intel.com (10.108.20.4) by
 IRSMSX104.ger.corp.intel.com (163.33.3.159) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 28 Apr 2016 11:59:21 +0100
Received: from irsmsx108.ger.corp.intel.com ([169.254.11.238]) by
 irsmsx111.ger.corp.intel.com ([169.254.2.16]) with mapi id 14.03.0248.002;
 Thu, 28 Apr 2016 11:59:21 +0100
From: "Dumitrescu, Cristian" <cristian.dumitrescu@intel.com>
To: "Jastrzebski, MichalX K" <michalx.k.jastrzebski@intel.com>, "Zhang, Roy
 Fan" <roy.fan.zhang@intel.com>, "Singh, Jasvinder"
 <jasvinder.singh@intel.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, "Mrozowicz, SlawomirX"
 <slawomirx.mrozowicz@intel.com>
Thread-Topic: [PATCH v2] examples/qos_sched: fix out-of-bounds read
Thread-Index: AQHRm8O5DEXb1S5BHUqlvML7/i6IQ5+fQnOg
Date: Thu, 28 Apr 2016 10:59:20 +0000
Message-ID: <3EB4FA525960D640B5BDFFD6A3D89126479A6EAC@IRSMSX108.ger.corp.intel.com>
References: <1461239256-8104-1-git-send-email-michalx.k.jastrzebski@intel.com>
 <1461239256-8104-5-git-send-email-michalx.k.jastrzebski@intel.com>
In-Reply-To: <1461239256-8104-5-git-send-email-michalx.k.jastrzebski@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYmNmYzEzN2EtMDJhOC00NmVhLTgyNmQtYWQ1MDhjYzdkODcxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6ImRaNHl0QTVMNGc4azBubjV1Y01oM1lTa2lMZlc0YkhwTGR0TXNRcTFGaUU9In0=
x-ctpclassification: CTP_IC
x-originating-ip: [163.33.239.180]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH v2] examples/qos_sched: fix out-of-bounds read
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 10:59:24 -0000



> -----Original Message-----
> From: Jastrzebski, MichalX K
> Sent: Thursday, April 21, 2016 12:48 PM
> To: Dumitrescu, Cristian <cristian.dumitrescu@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Singh, Jasvinder <jasvinder.singh@intel.com>
> Cc: dev@dpdk.org; Mrozowicz, SlawomirX
> <slawomirx.mrozowicz@intel.com>
> Subject: [PATCH v2] examples/qos_sched: fix out-of-bounds read
>=20
> From: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
>=20
> Fix issue reported by Coverity.
>=20
> Coverity ID 30708: Out-of-bounds read
> overrun-local: Overrunning array tokens of 8 8-byte elements
> at element index 4294967294 (byte offset 34359738352)
> using index i (which evaluates to 4294967294).
>=20
> Fixes: de3cfa2c9823 ("sched: initial import")
>=20
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---
>  examples/qos_sched/args.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>=20
> diff --git a/examples/qos_sched/args.c b/examples/qos_sched/args.c
> index 3e7fd08..d819269 100644
> --- a/examples/qos_sched/args.c
> +++ b/examples/qos_sched/args.c
> @@ -175,9 +175,11 @@ app_parse_opt_vals(const char *conf_str, char
> separator, uint32_t n_vals, uint32
>=20
>  	n_tokens =3D rte_strsplit(string, strnlen(string, 32), tokens, n_vals,
> separator);
>=20
> -	for(i =3D 0; i < n_tokens; i++) {
> +	if (n_tokens > MAX_OPT_VALUES)
> +		return -1;
> +
> +	for (i =3D 0; i < n_tokens; i++)
>  		opt_vals[i] =3D (uint32_t)atol(tokens[i]);
> -	}
>=20
>  	free(string);
>=20
> --
> 1.9.1

Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>