> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas.monjalon at 6wind.com]
> Sent: Monday, May 16, 2016 12:06 PM
> To: Kobylinski, MichalX <michalx.kobylinski at intel.com>
> Cc: dev at dpdk.org; Dumitrescu, Cristian <cristian.dumitrescu at intel.com>
> Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
> Importance: High
>
> 2016-04-28 11:09, Dumitrescu, Cristian:
> > From: Kobylinski, MichalX
> > > Fix issue reported by Coverity.
> > >
> > > Coverity ID 13289: Integer overflowed argument: The argument will be
> > > too small or even negative, likely resulting in unexpected behavior
> > > (for example, under-allocation in a memory allocation function).
> > > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > > value used as an argument to a function
> > >
> > > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> > >
> > > Signed-off-by: Michal Kobylinski <michalx.kobylinski at intel.com>
> >
> > I don't understand the root issue here, can you please explain?
> >
> > It looks to me that "end" is always going to point to a location bigger or
> > equal to &buffer[1]. So the second parameter of _strip function is always
> > going to be a positive number (0 included).
>
> Michal, any answer please?

Hi Thomas, Cristian,

Coverity shows that there is an overflowed value. But the second parameter will never be greater than 254 (its range is 0 - 254).
I cast this parameter to unsigned in order to resolve the bug reported by static analysis.