[dpdk-dev] [PATCH 2/5] cfgfile: cfg object not initialized after allocation

Allain Legacy allain.legacy at windriver.com
Thu Mar 2 20:29:28 CET 2017


After the call to malloc() the cfg object is only partially initialized
with memset(). If parsing of the ini file fails because of a parsing error
then the subsequent call to rte_cfgfile_close() segfaults due to
uninitialized memory.

This is reproducible by attempting to parse an ini file that has a key=value
entry before the first [section] statement.

Signed-off-by: Allain Legacy <allain.legacy at windriver.com>
---
 lib/librte_cfgfile/rte_cfgfile.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 603dd73..7a9206d 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -94,18 +94,19 @@ struct rte_cfgfile *
 	int curr_entry = -1;
 	char buffer[256] = {0};
 	int lineno = 0;
+	size_t size;
 	struct rte_cfgfile *cfg = NULL;
 
 	FILE *f = fopen(filename, "r");
 	if (f == NULL)
 		return NULL;
 
-	cfg = malloc(sizeof(*cfg) + sizeof(cfg->sections[0]) *
-		allocated_sections);
+	size = sizeof(*cfg) + sizeof(cfg->sections[0]) * allocated_sections;
+	cfg = malloc(size);
 	if (cfg == NULL)
 		goto error2;
 
-	memset(cfg->sections, 0, sizeof(cfg->sections[0]) * allocated_sections);
+	memset(cfg, 0, size);
 
 	while (fgets(buffer, sizeof(buffer), f) != NULL) {
 		char *pos = NULL;
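Review bot: the malloc()/memset(cfg, 0, size) pair in this hunk could be a single `cfg = calloc(1, size);`, which drops the new `size` local and the separate memset and makes the zero-fill impossible to narrow again by accident. The behavioural change itself is right: the old memset started at `cfg->sections`, so the leading fields of `*cfg` kept whatever malloc() returned, and the error path that ends in rte_cfgfile_close() reads those fields; zeroing from `cfg` rather than `cfg->sections` is what the commit message's crash depends on. If the two-call form is kept, it would help to say in a short comment why the whole object (not just the section array) must be zeroed before the parse loop can fail.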
-- 
1.8.3.1
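The failure mode in the commit message, as an added example that is not DPDK's code: a cut-down stand-in for the cfgfile object (a header with a section count followed by a flexible array of sections) is allocated either the old way, zeroing only the section array, or the fixed way, zeroing the whole object. The parser fails on a key=value line before the first [section] without ever writing the header, and the close routine then walks `num_sections` from the header, exactly the cleanup path described above. Struct and function names, the POISON fill that stands in for stale heap bytes, and the in-memory ini lines are all constructed for this demo; the close routine reports a count outside the allocation as -1 instead of dereferencing it, which is where the real rte_cfgfile_close() would crash.

```c
/* Added example, not DPDK code. Names, POISON fill and inputs are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLOC_SECTIONS 8
#define POISON 0x5A  /* stands in for stale heap bytes; real malloc() contents are unspecified */

struct cfg_section { char name[32]; int num_entries; char **entries; };
struct cfg {
    int num_sections;             /* header field the partial memset() never touched */
    struct cfg_section sections[]; /* what the old memset() did zero */
};

/* full_init == 0: zero only the section array (old code); != 0: zero everything (fix). */
static struct cfg *cfg_alloc(int full_init)
{
    size_t size = sizeof(struct cfg) + sizeof(struct cfg_section) * ALLOC_SECTIONS;
    struct cfg *cfg = malloc(size);
    if (cfg == NULL)
        return NULL;
    memset(cfg, POISON, size);    /* deterministic "uninitialized" contents for the demo */
    if (full_init)
        memset(cfg, 0, size);
    else
        memset(cfg->sections, 0, sizeof(struct cfg_section) * ALLOC_SECTIONS);
    return cfg;
}

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d != NULL)
        memcpy(d, s, n);
    return d;
}

/* Minimal ini parser over an in-memory line array. As in the original, the current
 * section lives in a local that starts at -1, so a key=value line before the first
 * [section] fails before the header has been written at all. */
static int cfg_parse(struct cfg *cfg, const char *const *lines, int nlines)
{
    int curr_section = -1;
    for (int i = 0; i < nlines; i++) {
        const char *l = lines[i];
        if (l[0] == '[') {
            if (cfg->num_sections < 0 || cfg->num_sections >= ALLOC_SECTIONS)
                return -1;
            struct cfg_section *s = &cfg->sections[cfg->num_sections];
            curr_section = cfg->num_sections++;
            snprintf(s->name, sizeof s->name, "%.*s", (int)strcspn(l + 1, "]"), l + 1);
        } else if (strchr(l, '=') != NULL) {
            if (curr_section < 0)
                return -1;        /* key=value before any [section]: parse error */
            struct cfg_section *s = &cfg->sections[curr_section];
            char **grown = realloc(s->entries, sizeof(char *) * (s->num_entries + 1));
            if (grown == NULL)
                return -1;
            s->entries = grown;
            if ((s->entries[s->num_entries] = dup_str(l)) == NULL)
                return -1;
            s->num_entries++;
        }
    }
    return 0;
}

/* Mirrors the close path: walks num_sections from the header and frees each section.
 * Returns the count it walked; a count outside [0, ALLOC_SECTIONS] can only come from
 * an unzeroed header, where the real close would walk off the allocation, so report -1. */
static int cfg_close(struct cfg *cfg)
{
    int n = cfg->num_sections;
    if (n < 0 || n > ALLOC_SECTIONS) {
        free(cfg);
        return -1;
    }
    for (int i = 0; i < n; i++) {
        for (int j = 0; j < cfg->sections[i].num_entries; j++)
            free(cfg->sections[i].entries[j]);
        free(cfg->sections[i].entries);
    }
    free(cfg);
    return n;
}

/* Open, parse, close; close runs whether or not the parse succeeded. */
static int demo(int full_init, const char *const *lines, int nlines)
{
    struct cfg *cfg = cfg_alloc(full_init);
    if (cfg == NULL)
        return -2;
    (void)cfg_parse(cfg, lines, nlines);
    return cfg_close(cfg);
}

/* Constructed inputs: BAD_INI has a key before the first section. */
static const char *const BAD_INI[]  = { "key=value", "[section]" };
static const char *const GOOD_INI[] = { "[main]", "key=value", "other=1" };

int main(void)
{
    printf("partial init, bad ini : %d\n", demo(0, BAD_INI, 2));  /* -1: garbage count */
    printf("full init,    bad ini : %d\n", demo(1, BAD_INI, 2));  /*  0 */
    printf("full init,    good ini: %d\n", demo(1, GOOD_INI, 3)); /*  1 */
    return 0;
}
```

The point the three runs make is that the parse error itself is harmless; what crashes is cleanup reading a header field nobody initialized. Zeroing the whole object (or allocating with calloc) is what lets the error path use the same close routine as the success path.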