From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Burakov, Anatoly" <anatoly.burakov@intel.com>
Subject: Re: [PATCH 5/5] malloc: fix potential negative return
Date: Wed, 25 Apr 2018 09:50:32 +0100
Message-ID: <a1d18e2e-c989-592f-be94-5c27ccebfbe3@intel.com>
References: <cover.1523979264.git.anatoly.burakov@intel.com>
 <02a4a77c846287fcb3abb56af38e8b35dc040979.1523979264.git.anatoly.burakov@intel.com>
 <a9087849-4a60-2490-6d5c-983795955523@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Cc: thomas@monjalon.net
To: "Tan, Jianfeng" <jianfeng.tan@intel.com>, dev@dpdk.org
Return-path: <dev-bounces@dpdk.org>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by dpdk.org (Postfix) with ESMTP id D91EE2BCE
 for <dev@dpdk.org>; Wed, 25 Apr 2018 10:50:36 +0200 (CEST)
In-Reply-To: <a9087849-4a60-2490-6d5c-983795955523@intel.com>
Content-Language: en-US
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 25-Apr-18 9:24 AM, Tan, Jianfeng wrote:
> 
> 
> On 4/17/2018 11:48 PM, Anatoly Burakov wrote:
>> Return value from rte_socket_id_by_idx() may be negative, which would
>> result in negative index access.
>>
>> Additionally, return value was of mismatched type (function returns
>> signed int, socket id was unsigned).
>>
>> Coverity issue: 272571
>> Coverity issue: 272597
>>
>> Fixes: 30bc6bf0d516 ("malloc: add function to dump heap contents")
>> Cc: anatoly.burakov@intel.com
>>
>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>> ---
>>   lib/librte_eal/common/rte_malloc.c | 6 +++++-
>>   1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/librte_eal/common/rte_malloc.c 
>> b/lib/librte_eal/common/rte_malloc.c
>> index b51a6d1..f207ba2 100644
>> --- a/lib/librte_eal/common/rte_malloc.c
>> +++ b/lib/librte_eal/common/rte_malloc.c
>> @@ -169,7 +169,11 @@ rte_malloc_dump_heaps(FILE *f)
>>       unsigned int idx;
>>       for (idx = 0; idx < rte_socket_count(); idx++) {
>> -        unsigned int socket = rte_socket_id_by_idx(idx);
>> +        int socket = rte_socket_id_by_idx(idx);
>> +        if (socket < 0) {
>> +            RTE_LOG(ERR, EAL, "Invalid socket index: %u\n", idx);
>> +            continue;
>> +        }
> 
> For such check (and many others), we are clear that idx is guaranteed by 
> rte_socket_count(), so rte_socket_id_by_idx() can never return -1. So 
> why not just reporting this as false-positive?

Well, technically, if someone were to corrupt rte_config, it would 
introduce a possibility of a negative return. However, i guess, at that 
point we've got bigger problems, so perhaps you're right and i should 
drop these fixes.

> 
> Thanks,
> Jianfeng
> 
>>           fprintf(f, "Heap on socket %i:\n", socket);
>>           malloc_heap_dump(&mcfg->malloc_heaps[socket], f);
>>       }
> 
> 


-- 
Thanks,
Anatoly