[dpdk-dev] [PATCH v6 04/19] eal: fix wrong strnlen() return value in 32bit icc

Neil Horman nhorman at tuxdriver.com
Fri Feb 13 14:49:34 CET 2015


On Fri, Feb 13, 2015 at 09:38:06AM +0800, Cunming Liang wrote:
> The problem is that strnlen() here may return invalid value with 32bit icc.
> (actually it returns it’s second parameter,e.g: sysconf(_SC_ARG_MAX)).
> It starts to manifest hwen max_len parameter is > 2M and using icc –m32 –O2 (or above).
> 
> Suggested-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> Signed-off-by: Cunming Liang <cunming.liang at intel.com>
> ---
>  v5 changes:
>    using strlen instead of strnlen.
> 
>  lib/librte_eal/common/eal_common_options.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c
> index 178e303..9cf2faa 100644
> --- a/lib/librte_eal/common/eal_common_options.c
> +++ b/lib/librte_eal/common/eal_common_options.c
> @@ -167,7 +167,7 @@ eal_parse_coremask(const char *coremask)
>  	if (coremask[0] == '0' && ((coremask[1] == 'x')
>  		|| (coremask[1] == 'X')))
>  		coremask += 2;
> -	i = strnlen(coremask, PATH_MAX);
> +	i = strlen(coremask);
This is crash prone.  If coremask is passed in without a trailing null pointer,
strlen will return a huge value that can overrun the array.

This seems like a bug in icc, and should be fixed there.

Neil


More information about the dev mailing list