[dpdk-dev] [PATCH] string: fix potential seg fault on snprintf

Pablo de Lara pablox.de.lara.guarch at intel.com
Fri Jun 27 13:04:57 CEST 2014


From: Pablo de Lara <pablo.de.lara.guarch at intel.com>

Several functions did not check if destination buffer, used
in snprintf was a non-NULL pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
 examples/cmdline/parse_obj_list.c            |    3 +++
 lib/librte_cmdline/cmdline_parse_etheraddr.c |    3 +++
 lib/librte_cmdline/cmdline_parse_num.c       |    2 +-
 lib/librte_cmdline/cmdline_parse_portlist.c  |    4 ++++
 lib/librte_eal/linuxapp/eal/eal_pci_uio.c    |    3 +++
 5 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/examples/cmdline/parse_obj_list.c b/examples/cmdline/parse_obj_list.c
index 2625ca3..97dfa09 100644
--- a/examples/cmdline/parse_obj_list.c
+++ b/examples/cmdline/parse_obj_list.c
@@ -157,6 +157,9 @@ int complete_get_elt_obj_list(cmdline_parse_token_hdr_t *tk,
 int get_help_obj_list(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
 		      char *dstbuf, unsigned int size)
 {
+	if (!dstbuf)
+		return -1;
+
 	snprintf(dstbuf, size, "Obj-List");
 	return 0;
 }
diff --git a/lib/librte_cmdline/cmdline_parse_etheraddr.c b/lib/librte_cmdline/cmdline_parse_etheraddr.c
index 5285c40..774b167 100644
--- a/lib/librte_cmdline/cmdline_parse_etheraddr.c
+++ b/lib/librte_cmdline/cmdline_parse_etheraddr.c
@@ -170,6 +170,9 @@ cmdline_get_help_etheraddr(__attribute__((unused)) cmdline_parse_token_hdr_t *tk
 {
 	int ret;
 
+	if (!dstbuf)
+		return -1;
+
 	ret = snprintf(dstbuf, size, "Ethernet address");
 	if (ret < 0)
 		return -1;
diff --git a/lib/librte_cmdline/cmdline_parse_num.c b/lib/librte_cmdline/cmdline_parse_num.c
index 0b9e4d0..26ba5ef 100644
--- a/lib/librte_cmdline/cmdline_parse_num.c
+++ b/lib/librte_cmdline/cmdline_parse_num.c
@@ -349,7 +349,7 @@ cmdline_get_help_num(cmdline_parse_token_hdr_t *tk, char *dstbuf, unsigned int s
 	struct cmdline_token_num_data nd;
 	int ret;
 
-	if (!tk)
+	if (!tk || !dstbuf)
 		return -1;
 
 	memcpy(&nd, &((struct cmdline_token_num *)tk)->num_data, sizeof(nd));
diff --git a/lib/librte_cmdline/cmdline_parse_portlist.c b/lib/librte_cmdline/cmdline_parse_portlist.c
index 7eac05c..8e3521a 100644
--- a/lib/librte_cmdline/cmdline_parse_portlist.c
+++ b/lib/librte_cmdline/cmdline_parse_portlist.c
@@ -163,6 +163,10 @@ cmdline_get_help_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
 		char *dstbuf, unsigned int size)
 {
 	int ret;
+
+	if (!dstbuf)
+		return -1;
+
 	ret = snprintf(dstbuf, size, "range of ports as 3,4-6,8-19,20");
 	if (ret < 0)
 		return -1;
diff --git a/lib/librte_eal/linuxapp/eal/eal_pci_uio.c b/lib/librte_eal/linuxapp/eal/eal_pci_uio.c
index 7e62266..ec0ba42 100644
--- a/lib/librte_eal/linuxapp/eal/eal_pci_uio.c
+++ b/lib/librte_eal/linuxapp/eal/eal_pci_uio.c
@@ -211,6 +211,9 @@ pci_get_uio_dev(struct rte_pci_device *dev, char *dstbuf,
 	DIR *dir;
 	char dirname[PATH_MAX];
 
+	if (!dstbuf)
+		return -1;
+
 	/* depending on kernel version, uio can be located in uio/uioX
 	 * or uio:uioX */
 
-- 
1.7.0.7



More information about the dev mailing list