DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] cfgfile: fix integer overflow
@ 2016-04-22 10:41 Michal Kobylinski
  2016-04-22 16:23 ` Stephen Hemminger
  2016-04-28 11:09 ` Dumitrescu, Cristian
  0 siblings, 2 replies; 6+ messages in thread
From: Michal Kobylinski @ 2016-04-22 10:41 UTC (permalink / raw)
  To: cristian.dumitrescu, dev; +Cc: Michal Kobylinski

Fix issue reported by Coverity.

Coverity ID 13289: Integer overflowed argument: The argument will be too
small or even negative, likely resulting in unexpected behavior (for
example, under-allocation in a memory allocation function).
In rte_cfgfile_load: An integer overflow occurs, with the overflowed
value used as an argument to a function

Fixes: eaafbad419bf ("cfgfile: library to interpret config files")

Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
---
 lib/librte_cfgfile/rte_cfgfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 75625a2..0a5a279 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
 				goto error1;
 			}
 			*end = '\0';
-			_strip(&buffer[1], end - &buffer[1]);
+			_strip(&buffer[1], (unsigned)(end - &buffer[1]));
 
 			/* close off old section and add start new one */
 			if (curr_section >= 0)
-- 
1.9.1

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
  2016-04-22 10:41 [dpdk-dev] [PATCH] cfgfile: fix integer overflow Michal Kobylinski
@ 2016-04-22 16:23 ` Stephen Hemminger
  2016-04-28 11:09 ` Dumitrescu, Cristian
  1 sibling, 0 replies; 6+ messages in thread
From: Stephen Hemminger @ 2016-04-22 16:23 UTC (permalink / raw)
  To: Michal Kobylinski; +Cc: cristian.dumitrescu, dev

On Fri, 22 Apr 2016 12:41:01 +0200
Michal Kobylinski <michalx.kobylinski@intel.com> wrote:

> Fix issue reported by Coverity.
> 
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
> 
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> 
> Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> ---
>  lib/librte_cfgfile/rte_cfgfile.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
> index 75625a2..0a5a279 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
>  				goto error1;
>  			}
>  			*end = '\0';
> -			_strip(&buffer[1], end - &buffer[1]);
> +			_strip(&buffer[1], (unsigned)(end - &buffer[1]));
>  

The cast doesn't actually fix any potential bug. It just causes the
function to get an signed overflow value.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
  2016-04-22 10:41 [dpdk-dev] [PATCH] cfgfile: fix integer overflow Michal Kobylinski
  2016-04-22 16:23 ` Stephen Hemminger
@ 2016-04-28 11:09 ` Dumitrescu, Cristian
  2016-05-16 10:05   ` Thomas Monjalon
  1 sibling, 1 reply; 6+ messages in thread
From: Dumitrescu, Cristian @ 2016-04-28 11:09 UTC (permalink / raw)
  To: Kobylinski, MichalX, dev



> -----Original Message-----
> From: Kobylinski, MichalX
> Sent: Friday, April 22, 2016 11:41 AM
> To: Dumitrescu, Cristian <cristian.dumitrescu@intel.com>; dev@dpdk.org
> Cc: Kobylinski, MichalX <michalx.kobylinski@intel.com>
> Subject: [PATCH] cfgfile: fix integer overflow
> 
> Fix issue reported by Coverity.
> 
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
> 
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> 
> Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> ---
>  lib/librte_cfgfile/rte_cfgfile.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
> index 75625a2..0a5a279 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
>  				goto error1;
>  			}
>  			*end = '\0';
> -			_strip(&buffer[1], end - &buffer[1]);
> +			_strip(&buffer[1], (unsigned)(end - &buffer[1]));
> 
>  			/* close off old section and add start new one */
>  			if (curr_section >= 0)
> --
> 1.9.1

I don't understand the root issue here, can you please explain?

It looks to me that "end" is always going to point to a location bigger or equal to &buffer[1]. So the second parameter of _strip function is always going to be a positive number (0 included).

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
  2016-04-28 11:09 ` Dumitrescu, Cristian
@ 2016-05-16 10:05   ` Thomas Monjalon
  2016-05-16 12:50     ` Kobylinski, MichalX
  0 siblings, 1 reply; 6+ messages in thread
From: Thomas Monjalon @ 2016-05-16 10:05 UTC (permalink / raw)
  To: Kobylinski, MichalX; +Cc: dev, Dumitrescu, Cristian

2016-04-28 11:09, Dumitrescu, Cristian:
> From: Kobylinski, MichalX
> > Fix issue reported by Coverity.
> > 
> > Coverity ID 13289: Integer overflowed argument: The argument will be too
> > small or even negative, likely resulting in unexpected behavior (for
> > example, under-allocation in a memory allocation function).
> > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > value used as an argument to a function
> > 
> > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> > 
> > Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> 
> I don't understand the root issue here, can you please explain?
> 
> It looks to me that "end" is always going to point to a location bigger or equal to &buffer[1]. So the second parameter of _strip function is always going to be a positive number (0 included).

Michal, any answer please?

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
  2016-05-16 10:05   ` Thomas Monjalon
@ 2016-05-16 12:50     ` Kobylinski, MichalX
  2016-05-16 12:58       ` Mcnamara, John
  0 siblings, 1 reply; 6+ messages in thread
From: Kobylinski, MichalX @ 2016-05-16 12:50 UTC (permalink / raw)
  To: Thomas Monjalon; +Cc: dev, Dumitrescu, Cristian



> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas.monjalon@6wind.com]
> Sent: Monday, May 16, 2016 12:06 PM
> To: Kobylinski, MichalX <michalx.kobylinski@intel.com>
> Cc: dev@dpdk.org; Dumitrescu, Cristian <cristian.dumitrescu@intel.com>
> Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
> Importance: High
> 
> 2016-04-28 11:09, Dumitrescu, Cristian:
> > From: Kobylinski, MichalX
> > > Fix issue reported by Coverity.
> > >
> > > Coverity ID 13289: Integer overflowed argument: The argument will be
> > > too small or even negative, likely resulting in unexpected behavior
> > > (for example, under-allocation in a memory allocation function).
> > > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > > value used as an argument to a function
> > >
> > > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> > >
> > > Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> >
> > I don't understand the root issue here, can you please explain?
> >
> > It looks to me that "end" is always going to point to a location bigger or
> equal to &buffer[1]. So the second parameter of _strip function is always
> going to be a positive number (0 included).
> 
> Michal, any answer please?

Hi Thomas, Cristian

Coverity show that there is overflowed value.
But the second parameter will never be greater than 254 (its range is 0 - 254).
I used cast this parameter to unsigned in order that resolved bug reported by static analysis.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
  2016-05-16 12:50     ` Kobylinski, MichalX
@ 2016-05-16 12:58       ` Mcnamara, John
  0 siblings, 0 replies; 6+ messages in thread
From: Mcnamara, John @ 2016-05-16 12:58 UTC (permalink / raw)
  To: Kobylinski, MichalX, Thomas Monjalon; +Cc: dev, Dumitrescu, Cristian



> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Kobylinski, MichalX
> Sent: Monday, May 16, 2016 1:51 PM
> To: Thomas Monjalon <thomas.monjalon@6wind.com>
> Cc: dev@dpdk.org; Dumitrescu, Cristian <cristian.dumitrescu@intel.com>
> Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
> ...
> Coverity show that there is overflowed value.
> But the second parameter will never be greater than 254 (its range is 0 -
> 254).
> I used cast this parameter to unsigned in order that resolved bug reported
> by static analysis.

Hi,

If the error cannot happen in a real application then you can mark the defect
as a false positive in Coverity. Add some of the information provided above as
to why it is a false positive to the comments section of the defect or add a 
link to the patchwork discussion.

John

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2016-05-16 12:58 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-22 10:41 [dpdk-dev] [PATCH] cfgfile: fix integer overflow Michal Kobylinski
2016-04-22 16:23 ` Stephen Hemminger
2016-04-28 11:09 ` Dumitrescu, Cristian
2016-05-16 10:05   ` Thomas Monjalon
2016-05-16 12:50     ` Kobylinski, MichalX
2016-05-16 12:58       ` Mcnamara, John

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).