> -----Original Message----- > From: Kobylinski, MichalX > Sent: Friday, April 22, 2016 11:41 AM > To: Dumitrescu, Cristian <cristian.dumitrescu at intel.com>; dev at dpdk.org > Cc: Kobylinski, MichalX <michalx.kobylinski at intel.com> > Subject: [PATCH] cfgfile: fix integer overflow > > Fix issue reported by Coverity. > > Coverity ID 13289: Integer overflowed argument: The argument will be too > small or even negative, likely resulting in unexpected behavior (for > example, under-allocation in a memory allocation function). > In rte_cfgfile_load: An integer overflow occurs, with the overflowed > value used as an argument to a function > > Fixes: eaafbad419bf ("cfgfile: library to interpret config files") > > Signed-off-by: Michal Kobylinski <michalx.kobylinski at intel.com> > --- > lib/librte_cfgfile/rte_cfgfile.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/librte_cfgfile/rte_cfgfile.c > b/lib/librte_cfgfile/rte_cfgfile.c > index 75625a2..0a5a279 100644 > --- a/lib/librte_cfgfile/rte_cfgfile.c > +++ b/lib/librte_cfgfile/rte_cfgfile.c > @@ -135,7 +135,7 @@ rte_cfgfile_load(const char *filename, int flags) > goto error1; > } > *end = '\0'; > - _strip(&buffer[1], end - &buffer[1]); > + _strip(&buffer[1], (unsigned)(end - &buffer[1])); > > /* close off old section and add start new one */ > if (curr_section >= 0) > -- > 1.9.1
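Review bot: In the changed `_strip(&buffer[1], (unsigned)(end - &buffer[1]));` call, the cast adds no range check, so it does not address the overflow Coverity describes. If `end - &buffer[1]` could ever be negative, `(unsigned)` would turn it into a very large length instead of rejecting it, and if it cannot be negative the cast only silences the warning. Either state in the commit message why `end` is always at or past `&buffer[1]` at this point, so the report can be classified as a false positive, or add an explicit guard before the call, for example `if (end < &buffer[1]) goto error1;`, instead of casting.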
I don't understand the root issue here, can you please explain? It looks to me that "end" is always going to point to a location bigger than or equal to &buffer[1]. So the second parameter of the _strip function is always going to be a positive number (0 included).