Add a check for the return value of the sscanf call in parse_internal_args(), returning an error if we don't get the expected result.
Coverity issue: 362049 Fixes: 96cb19521147 ("net/ring: use EAL APIs in PMD specific API") Cc: sta...@dpdk.org Signed-off-by: Kevin Laatz <kevin.la...@intel.com> --- v2: added consumed characters count check v3: add more improved checks --- drivers/net/ring/rte_eth_ring.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/net/ring/rte_eth_ring.c b/drivers/net/ring/rte_eth_ring.c index 40fe1ca4ba..41692305e7 100644 --- a/drivers/net/ring/rte_eth_ring.c +++ b/drivers/net/ring/rte_eth_ring.c @@ -16,6 +16,7 @@ #define ETH_RING_ACTION_CREATE "CREATE" #define ETH_RING_ACTION_ATTACH "ATTACH" #define ETH_RING_INTERNAL_ARG "internal" +#define ETH_RING_INTERNAL_ARG_MAX_LEN 19 static const char *valid_arguments[] = { ETH_RING_NUMA_NODE_ACTION_ARG, @@ -538,8 +539,21 @@ parse_internal_args(const char *key __rte_unused, const char *value, { struct ring_internal_args **internal_args = data; void *args; + int ret, n; - sscanf(value, "%p", &args); + /* make sure 'value' is valid pointer length */ + if (strnlen(value, ETH_RING_INTERNAL_ARG_MAX_LEN) >= + ETH_RING_INTERNAL_ARG_MAX_LEN) { + PMD_LOG(ERR, "Error parsing internal args, 'value' too long"); + return -1; + } + + ret = sscanf(value, "%p%n", &args, &n); + if (ret == 0 || (size_t)n != strlen(value)) { + PMD_LOG(ERR, "Error parsing internal args"); + + return -1; + } *internal_args = args; -- 2.25.1