From: Thomas Monjalon
Subject: Re: [PATCH] cfgfile: fix integer overflow
Date: Mon, 16 May 2016 12:05:45 +0200
Message-ID: <1677876.8C2acBUBqJ@xps13>
References: <1461321661-30272-1-git-send-email-michalx.kobylinski@intel.com> <3EB4FA525960D640B5BDFFD6A3D89126479A6F0C@IRSMSX108.ger.corp.intel.com>
To: "Kobylinski, MichalX"
Cc: dev@dpdk.org, "Dumitrescu, Cristian"

2016-04-28 11:09, Dumitrescu, Cristian:
> From: Kobylinski, MichalX
> > Fix issue reported by Coverity.
> >
> > Coverity ID 13289: Integer overflowed argument: The argument will be too
> > small or even negative, likely resulting in unexpected behavior (for
> > example, under-allocation in a memory allocation function).
> > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > value used as an argument to a function
> >
> > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> >
> > Signed-off-by: Michal Kobylinski
>
> I don't understand the root issue here, can you please explain?
>
> It looks to me that "end" is always going to point to a location bigger or equal to &buffer[1]. So the second parameter of _strip function is always going to be a positive number (0 included).

Michal, any answer please?