From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <olivier.matz@6wind.com>
Received: from mail.droids-corp.org (zoll.droids-corp.org [94.23.50.67])
 by dpdk.org (Postfix) with ESMTP id 77A39B4C0
 for <dev@dpdk.org>; Fri, 13 Feb 2015 15:05:58 +0100 (CET)
Received: from was59-1-82-226-113-214.fbx.proxad.net ([82.226.113.214]
 helo=[192.168.0.10])
 by mail.droids-corp.org with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
 (Exim 4.80) (envelope-from <olivier.matz@6wind.com>)
 id 1YMGw7-0004mx-RH; Fri, 13 Feb 2015 15:09:46 +0100
Message-ID: <54DE04B8.6080708@6wind.com>
Date: Fri, 13 Feb 2015 15:05:44 +0100
From: Olivier MATZ <olivier.matz@6wind.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Icedove/31.3.0
MIME-Version: 1.0
To: Neil Horman <nhorman@tuxdriver.com>, 
 Cunming Liang <cunming.liang@intel.com>
References: <1423728996-3004-1-git-send-email-cunming.liang@intel.com>
 <1423791501-1555-1-git-send-email-cunming.liang@intel.com>
 <1423791501-1555-5-git-send-email-cunming.liang@intel.com>
 <20150213134933.GA13495@neilslaptop.think-freely.org>
In-Reply-To: <20150213134933.GA13495@neilslaptop.think-freely.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v6 04/19] eal: fix wrong strnlen() return
 value in 32bit icc
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2015 14:05:58 -0000

Hi Neil,

On 02/13/2015 02:49 PM, Neil Horman wrote:
> On Fri, Feb 13, 2015 at 09:38:06AM +0800, Cunming Liang wrote:
>> The problem is that strnlen() here may return invalid value with 32bit icc.
>> (actually it returns it’s second parameter,e.g: sysconf(_SC_ARG_MAX)).
>> It starts to manifest hwen max_len parameter is > 2M and using icc –m32 –O2 (or above).
>>
>> Suggested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>> Signed-off-by: Cunming Liang <cunming.liang@intel.com>
>> ---
>>  v5 changes:
>>    using strlen instead of strnlen.
>>
>>  lib/librte_eal/common/eal_common_options.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c
>> index 178e303..9cf2faa 100644
>> --- a/lib/librte_eal/common/eal_common_options.c
>> +++ b/lib/librte_eal/common/eal_common_options.c
>> @@ -167,7 +167,7 @@ eal_parse_coremask(const char *coremask)
>>  	if (coremask[0] == '0' && ((coremask[1] == 'x')
>>  		|| (coremask[1] == 'X')))
>>  		coremask += 2;
>> -	i = strnlen(coremask, PATH_MAX);
>> +	i = strlen(coremask);
> This is crash prone.  If coremask is passed in without a trailing null pointer,
> strlen will return a huge value that can overrun the array.

We discussed that in a previous thread:
http://dpdk.org/ml/archives/dev/2015-February/012552.html

coremask is always a valid nul-terminated string as it comes from
argv[] table.
It is not a memory fragment that is controlled by a user, so I don't
think using strnlen() instead of strlen() would solve any issue.

Regards,
Olivier