[dpdk-dev] [PATCH] cfgfile: fix integer overflow

Stephen Hemminger stephen at networkplumber.org
Fri Apr 22 18:23:20 CEST 2016

Previous message: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
Next message: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 22 Apr 2016 12:41:01 +0200
Michal Kobylinski <michalx.kobylinski at intel.com> wrote:

> Fix issue reported by Coverity.
> 
> Coverity ID 13289: Integer overflowed argument: The argument will be too
> small or even negative, likely resulting in unexpected behavior (for
> example, under-allocation in a memory allocation function).
> In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> value used as an argument to a function
> 
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> 
> Signed-off-by: Michal Kobylinski <michalx.kobylinski at intel.com>
> ---
>  lib/librte_cfgfile/rte_cfgfile.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
> index 75625a2..0a5a279 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags)
>  				goto error1;
>  			}
>  			*end = '\0';
> -			_strip(&buffer[1], end - &buffer[1]);
> +			_strip(&buffer[1], (unsigned)(end - &buffer[1]));
>  

The cast doesn't actually fix any potential bug. It just causes the
function to get an signed overflow value.

Previous message: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
Next message: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list