[dpdk-dev] [PATCH] cfgfile: fix integer overflow

[Kobylinski, MichalX]

> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas.monjalon at 6wind.com]
> Sent: Monday, May 16, 2016 12:06 PM
> To: Kobylinski, MichalX <michalx.kobylinski at intel.com>
> Cc: dev at dpdk.org; Dumitrescu, Cristian <cristian.dumitrescu at intel.com>
> Subject: Re: [dpdk-dev] [PATCH] cfgfile: fix integer overflow
> Importance: High
> 
> 2016-04-28 11:09, Dumitrescu, Cristian:
> > From: Kobylinski, MichalX
> > > Fix issue reported by Coverity.
> > >
> > > Coverity ID 13289: Integer overflowed argument: The argument will be
> > > too small or even negative, likely resulting in unexpected behavior
> > > (for example, under-allocation in a memory allocation function).
> > > In rte_cfgfile_load: An integer overflow occurs, with the overflowed
> > > value used as an argument to a function
> > >
> > > Fixes: eaafbad419bf ("cfgfile: library to interpret config files")
> > >
> > > Signed-off-by: Michal Kobylinski <michalx.kobylinski at intel.com>
> >
> > I don't understand the root issue here, can you please explain?
> >
> > It looks to me that "end" is always going to point to a location bigger or
> equal to &buffer[1]. So the second parameter of _strip function is always
> going to be a positive number (0 included).
> 
> Michal, any answer please?

Hi Thomas, Cristian

Coverity show that there is overflowed value.
But the second parameter will never be greater than 254 (its range is 0 - 254).
I used cast this parameter to unsigned in order that resolved bug reported by static analysis.