[dpdk-dev,5/5] malloc: fix potential negative return

  Return value from rte_socket_id_by_idx() may be negative, which would
result in negative index access.

Additionally, return value was of mismatched type (function returns
signed int, socket id was unsigned).

Coverity issue: 272571
Coverity issue: 272597

Fixes: 30bc6bf0d516 ("malloc: add function to dump heap contents")
Cc: anatoly.burakov@intel.com

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 lib/librte_eal/common/rte_malloc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
  

On 4/17/2018 11:48 PM, Anatoly Burakov wrote:
> Return value from rte_socket_id_by_idx() may be negative, which would
> result in negative index access.
>
> Additionally, return value was of mismatched type (function returns
> signed int, socket id was unsigned).
>
> Coverity issue: 272571
> Coverity issue: 272597
>
> Fixes: 30bc6bf0d516 ("malloc: add function to dump heap contents")
> Cc: anatoly.burakov@intel.com
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   lib/librte_eal/common/rte_malloc.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
> index b51a6d1..f207ba2 100644
> --- a/lib/librte_eal/common/rte_malloc.c
> +++ b/lib/librte_eal/common/rte_malloc.c
> @@ -169,7 +169,11 @@ rte_malloc_dump_heaps(FILE *f)
>   	unsigned int idx;
>   
>   	for (idx = 0; idx < rte_socket_count(); idx++) {
> -		unsigned int socket = rte_socket_id_by_idx(idx);
> +		int socket = rte_socket_id_by_idx(idx);
> +		if (socket < 0) {
> +			RTE_LOG(ERR, EAL, "Invalid socket index: %u\n", idx);
> +			continue;
> +		}

For such check (and many others), we are clear that idx is guaranteed by 
rte_socket_count(), so rte_socket_id_by_idx() can never return -1. So 
why not just reporting this as false-positive?

Thanks,
Jianfeng

>   		fprintf(f, "Heap on socket %i:\n", socket);
>   		malloc_heap_dump(&mcfg->malloc_heaps[socket], f);
>   	}
  

On 25-Apr-18 9:24 AM, Tan, Jianfeng wrote:
> 
> 
> On 4/17/2018 11:48 PM, Anatoly Burakov wrote:
>> Return value from rte_socket_id_by_idx() may be negative, which would
>> result in negative index access.
>>
>> Additionally, return value was of mismatched type (function returns
>> signed int, socket id was unsigned).
>>
>> Coverity issue: 272571
>> Coverity issue: 272597
>>
>> Fixes: 30bc6bf0d516 ("malloc: add function to dump heap contents")
>> Cc: anatoly.burakov@intel.com
>>
>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>> ---
>>   lib/librte_eal/common/rte_malloc.c | 6 +++++-
>>   1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/librte_eal/common/rte_malloc.c 
>> b/lib/librte_eal/common/rte_malloc.c
>> index b51a6d1..f207ba2 100644
>> --- a/lib/librte_eal/common/rte_malloc.c
>> +++ b/lib/librte_eal/common/rte_malloc.c
>> @@ -169,7 +169,11 @@ rte_malloc_dump_heaps(FILE *f)
>>       unsigned int idx;
>>       for (idx = 0; idx < rte_socket_count(); idx++) {
>> -        unsigned int socket = rte_socket_id_by_idx(idx);
>> +        int socket = rte_socket_id_by_idx(idx);
>> +        if (socket < 0) {
>> +            RTE_LOG(ERR, EAL, "Invalid socket index: %u\n", idx);
>> +            continue;
>> +        }
> 
> For such check (and many others), we are clear that idx is guaranteed by 
> rte_socket_count(), so rte_socket_id_by_idx() can never return -1. So 
> why not just reporting this as false-positive?

Well, technically, if someone were to corrupt rte_config, it would 
introduce a possibility of a negative return. However, i guess, at that 
point we've got bigger problems, so perhaps you're right and i should 
drop these fixes.

> 
> Thanks,
> Jianfeng
> 
>>           fprintf(f, "Heap on socket %i:\n", socket);
>>           malloc_heap_dump(&mcfg->malloc_heaps[socket], f);
>>       }
> 
>