From: Stephen Hemminger <stephen@networkplumber.org>
To: Michal Kobylinski <michalx.kobylinski@intel.com>
Cc: cristian.dumitrescu@intel.com, dev@dpdk.org
Subject: Re: [PATCH] cfgfile: fix integer overflow
Date: Fri, 22 Apr 2016 09:23:20 -0700 [thread overview]
Message-ID: <20160422092320.3796239c@xeon-e3> (raw)
In-Reply-To: <1461321661-30272-1-git-send-email-michalx.kobylinski@intel.com>
On Fri, 22 Apr 2016 12:41:01 +0200
Michal Kobylinski <michalx.kobylinski@intel.com> wrote:
> Fix issue reported by Coverity.
>
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
>
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
>
> Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
> index 75625a2..0a5a279 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
> goto error1;
> }
> *end = '\0';
> - _strip(&buffer[1], end - &buffer[1]);
> + _strip(&buffer[1], (unsigned)(end - &buffer[1]));
>
The cast doesn't actually fix any potential bug. It just causes the
function to get an signed overflow value.
next prev parent reply other threads:[~2016-04-22 16:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-22 10:41 [PATCH] cfgfile: fix integer overflow Michal Kobylinski
2016-04-22 16:23 ` Stephen Hemminger [this message]
2016-04-28 11:09 ` Dumitrescu, Cristian
2016-05-16 10:05 ` Thomas Monjalon
2016-05-16 12:50 ` Kobylinski, MichalX
2016-05-16 12:58 ` Mcnamara, John
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160422092320.3796239c@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=cristian.dumitrescu@intel.com \
--cc=dev@dpdk.org \
--cc=michalx.kobylinski@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.