From: "Kobylinski, MichalX"
To: Thomas Monjalon
CC: "dev@dpdk.org", "Dumitrescu, Cristian"
Date: Mon, 16 May 2016 12:50:43 +0000
Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow

> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas.monjalon@6wind.com]
> Sent: Monday, May 16, 2016 12:06 PM
> To: Kobylinski, MichalX
> Cc: dev@dpdk.org; Dumitrescu, Cristian
> Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
> Importance: High
>
> 2016-04-28 11:09, Dumitrescu, Cristian:
> > From: Kobylinski, MichalX
> > > Fix issue reported by Coverity.
> > >
> > > Coverity ID 13289: Integer overflowed argument: The argument will be
> > > too small or even negative, likely resulting in unexpected behavior
> > > (for example, under-allocation in a memory allocation function).
> > > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > > value used as an argument to a function
> > >
> > > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> > >
> > > Signed-off-by: Michal Kobylinski
> >
> > I don't understand the root issue here, can you please explain?
> >
> > It looks to me that "end" is always going to point to a location bigger or
> > equal to &buffer[1]. So the second parameter of _strip function is always
> > going to be a positive number (0 included).
>
> Michal, any answer please?

Hi Thomas, Cristian

Coverity shows that there is an overflowed value.
But the second parameter will never be greater than 254 (its range is 0 - 254).
I used a cast of this parameter to unsigned in order to resolve the bug reported by static analysis.
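
The range argument made in this thread, written out as an added C example (it is not DPDK's code and not the patch under discussion): the signed pointer difference is checked against the stated 0 - 254 range before it is converted, so the invariant is visible to a reader and to a static analyzer instead of being implied by a cast. `LINE_MAX_LEN`, `strip` and `parse_section` are hypothetical names, and the 256-byte buffer is an assumption chosen to match the range quoted above.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define LINE_MAX_LEN 256 /* assumed line buffer size, not taken from the thread */

/* Hypothetical stand-in for the _strip helper: trims whitespace in place
 * over the first len bytes of s and returns the new length. */
static size_t strip(char *s, size_t len)
{
    size_t start = 0;

    while (len > 0 && isspace((unsigned char)s[len - 1]))
        s[--len] = '\0';
    while (start < len && isspace((unsigned char)s[start]))
        start++;
    memmove(s, s + start, len - start);
    len -= start;
    s[len] = '\0';
    return len;
}

/* Parses a "[name]" line held in a LINE_MAX_LEN buffer. Returns the length
 * of the stripped name, or -1 if the line is not a well-formed header. */
static int parse_section(char buffer[LINE_MAX_LEN], size_t line_len)
{
    char *end;
    ptrdiff_t n;

    if (line_len == 0 || line_len >= LINE_MAX_LEN || buffer[0] != '[')
        return -1;
    end = memchr(buffer, ']', line_len);
    if (end == NULL)
        return -1; /* no closing bracket: never subtract from a NULL end */
    n = end - &buffer[1]; /* signed pointer difference */
    /* Explicit form of the invariant argued in the thread: end is at or
     * after &buffer[1], so n lies in the stated range 0 - 254. */
    if (n < 0 || n > LINE_MAX_LEN - 2)
        return -1;
    *end = '\0';
    return (int)strip(&buffer[1], (size_t)n); /* conversion is now provably safe */
}
```

With the range check in place the conversion to `size_t` cannot wrap, which is the property the cast alone does not demonstrate.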