[dpdk-dev] cfgfile: fix uninitialized variable on load error
Checks
Commit Message
Uninitialized scalar variable. Using uninitialized value cfg->sections[curr_section]->num_entries when calling rte_cfgfile_close.
And memory in variables cfg->sections[curr_section], sect->entries[curr_entry] maybe not equal NULL. We must decrement counters curr_section, curr_entry when failed to realloc.
Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
Signed-off-by: Dmitriy Yakovlev <bombermag@gmail.com>
---
lib/librte_cfgfile/rte_cfgfile.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
Ping Cristian
2017-02-07 05:51, Dmitriy Yakovlev:
> Uninitialized scalar variable. Using uninitialized value cfg->sections[curr_section]->num_entries when calling rte_cfgfile_close.
> And memory in variables cfg->sections[curr_section], sect->entries[curr_entry] maybe not equal NULL. We must decrement counters curr_section, curr_entry when failed to realloc.
>
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
>
> Signed-off-by: Dmitriy Yakovlev <bombermag@gmail.com>
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Dmitriy Yakovlev
> Sent: Tuesday, February 7, 2017 2:51 AM
> To: dev@dpdk.org
> Cc: Dmitriy Yakovlev <bombermag@gmail.com>
> Subject: [dpdk-dev] [PATCH] cfgfile: fix uninitialized variable on load error
>
> Uninitialized scalar variable. Using uninitialized value cfg-
> >sections[curr_section]->num_entries when calling rte_cfgfile_close.
> And memory in variables cfg->sections[curr_section], sect-
> >entries[curr_entry] maybe not equal NULL. We must decrement counters
> curr_section, curr_entry when failed to realloc.
>
> Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
>
> Signed-off-by: Dmitriy Yakovlev <bombermag@gmail.com>
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
> > Uninitialized scalar variable. Using uninitialized value cfg-
> > >sections[curr_section]->num_entries when calling rte_cfgfile_close.
> > And memory in variables cfg->sections[curr_section], sect-
> > >entries[curr_entry] maybe not equal NULL. We must decrement counters
> > curr_section, curr_entry when failed to realloc.
> >
> > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> >
> > Signed-off-by: Dmitriy Yakovlev <bombermag@gmail.com>
> > ---
> > lib/librte_cfgfile/rte_cfgfile.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
>
> Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Applied, thanks
@@ -151,6 +151,7 @@ struct rte_cfgfile *
sizeof(*cfg) + sizeof(cfg->sections[0])
* allocated_sections);
if (n_cfg == NULL) {
+ curr_section--;
printf("Error - no more memory\n");
goto error1;
}
@@ -198,6 +199,7 @@ struct rte_cfgfile *
sizeof(sect->entries[0]) *
allocated_entries);
if (n_sect == NULL) {
+ curr_entry--;
printf("Error - no more memory\n");
goto error1;
}
@@ -233,6 +235,8 @@ struct rte_cfgfile *
error1:
cfg->num_sections = curr_section + 1;
+ if (curr_section >= 0)
+ cfg->sections[curr_section]->num_entries = curr_entry + 1;
rte_cfgfile_close(cfg);
error2:
fclose(f);