[dpdk-dev] [PATCH v2] examples/qos_sched: fix out-of-bounds read

Michal Jastrzebski michalx.k.jastrzebski at intel.com
Thu Apr 21 13:47:36 CEST 2016

Previous message: [dpdk-dev] [PATCH v2] examples/qos_meter: fix unchecked return value
Next message: [dpdk-dev] [PATCH v2] examples/qos_sched: fix out-of-bounds read
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Slawomir Mrozowicz <slawomirx.mrozowicz at intel.com>

Fix issue reported by Coverity.

Coverity ID 30708: Out-of-bounds read
overrun-local: Overrunning array tokens of 8 8-byte elements
at element index 4294967294 (byte offset 34359738352)
using index i (which evaluates to 4294967294).

Fixes: de3cfa2c9823 ("sched: initial import")

Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz at intel.com>
---
 examples/qos_sched/args.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/qos_sched/args.c b/examples/qos_sched/args.c
index 3e7fd08..d819269 100644
--- a/examples/qos_sched/args.c
+++ b/examples/qos_sched/args.c
@@ -175,9 +175,11 @@ app_parse_opt_vals(const char *conf_str, char separator, uint32_t n_vals, uint32
 
 	n_tokens = rte_strsplit(string, strnlen(string, 32), tokens, n_vals, separator);
 
-	for(i = 0; i < n_tokens; i++) {
+	if (n_tokens > MAX_OPT_VALUES)
+		return -1;
+
+	for (i = 0; i < n_tokens; i++)
 		opt_vals[i] = (uint32_t)atol(tokens[i]);
-	}
 
 	free(string);
 
-- 
1.9.1

Previous message: [dpdk-dev] [PATCH v2] examples/qos_meter: fix unchecked return value
Next message: [dpdk-dev] [PATCH v2] examples/qos_sched: fix out-of-bounds read
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list