From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Hemminger
Subject: Re: [PATCH] cfgfile: fix integer overflow
Date: Fri, 22 Apr 2016 09:23:20 -0700
Message-ID: <20160422092320.3796239c@xeon-e3>
References: <1461321661-30272-1-git-send-email-michalx.kobylinski@intel.com>
In-Reply-To: <1461321661-30272-1-git-send-email-michalx.kobylinski@intel.com>
Cc: cristian.dumitrescu@intel.com, dev@dpdk.org
To: Michal Kobylinski
List-Id: patches and discussions about DPDK

On Fri, 22 Apr 2016 12:41:01 +0200
Michal Kobylinski wrote:

> Fix issue reported by Coverity.
>
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
>
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
>
> Signed-off-by: Michal Kobylinski
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
> index 75625a2..0a5a279 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags) > goto error1; > } > *end = '\0'; > - _strip(&buffer[1], end - &buffer[1]); > + _strip(&buffer[1], (unsigned)(end - &buffer[1])); > The cast doesn't actually fix any potential bug. It just causes the function to get an signed overflow value.
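Review bot: The `(unsigned)` cast on the `_strip(&buffer[1], ...)` call adds no range check. It only changes the type of `end - &buffer[1]`, so a negative pointer difference would be passed on as a very large length instead of being rejected. If the concern Coverity raised is that `end` can sit before `&buffer[1]`, test for that explicitly ahead of `*end = '\0';` and take the existing `goto error1;` path. If the preceding check already guarantees `end >= &buffer[1]`, say so in the commit message so the cast is documented as silencing a false positive rather than fixing an overflow.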