On Tue, Aug 08, 2023 at 10:24:41AM +0800, lihuisong (C) wrote:
>
> 在 2023/8/3 5:21, Tyler Retzlaff 写道:
> >strlcpy returns type size_t when directly assigning to
> >struct rte_tel_data data_len field it may be truncated leading to
> >compromised length check that follows
> >
> >Since the limit in the check is < UINT_MAX the value returned is
> >safe to be cast to unsigned int (which may be narrower than size_t)
> >but only after being checked against RTE_TEL_MAX_SINGLE_STRING_LEN
> >
> >Signed-off-by: Tyler Retzlaff <roret...@linux.microsoft.com>
> >---
> > lib/telemetry/telemetry_data.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> >diff --git a/lib/telemetry/telemetry_data.c b/lib/telemetry/telemetry_data.c
> >index 3b1a240..52307cb 100644
> >--- a/lib/telemetry/telemetry_data.c
> >+++ b/lib/telemetry/telemetry_data.c
> >@@ -41,12 +41,13 @@
> > int
> > rte_tel_data_string(struct rte_tel_data *d, const char *str)
> > {
> >+ const size_t len = strlcpy(d->data.str, str, sizeof(d->data.str));
> sizeof(d->data.str) is equal to RTE_TEL_MAX_SINGLE_STRING_LEN(8192).
> So It seems that this truncation probably will not happen.
agreed, regardless the data type choices permit a size that exceeds the
range of the narrower type and the assignment results in a warning being
generated on some targets. that's why the truncating cast is safe to
add.
none of this would be necessary if data_len had been appropriately typed
as size_t. Bruce should we be changing the type instead since we are in
23.11 merge window...?
