[dpdk-dev,v2] examples/qos_sched: fix out-of-bounds read
Commit Message
From: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Fix issue reported by Coverity.
Coverity ID 30708: Out-of-bounds read
overrun-local: Overrunning array tokens of 8 8-byte elements
at element index 4294967294 (byte offset 34359738352)
using index i (which evaluates to 4294967294).
Fixes: de3cfa2c9823 ("sched: initial import")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
---
examples/qos_sched/args.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Comments
> -----Original Message-----
> From: Jastrzebski, MichalX K
> Sent: Thursday, April 21, 2016 12:48 PM
> To: Dumitrescu, Cristian <cristian.dumitrescu@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Singh, Jasvinder <jasvinder.singh@intel.com>
> Cc: dev@dpdk.org; Mrozowicz, SlawomirX
> <slawomirx.mrozowicz@intel.com>
> Subject: [PATCH v2] examples/qos_sched: fix out-of-bounds read
>
> From: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
>
> Fix issue reported by Coverity.
>
> Coverity ID 30708: Out-of-bounds read
> overrun-local: Overrunning array tokens of 8 8-byte elements
> at element index 4294967294 (byte offset 34359738352)
> using index i (which evaluates to 4294967294).
>
> Fixes: de3cfa2c9823 ("sched: initial import")
>
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---
> examples/qos_sched/args.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/examples/qos_sched/args.c b/examples/qos_sched/args.c
> index 3e7fd08..d819269 100644
> --- a/examples/qos_sched/args.c
> +++ b/examples/qos_sched/args.c
> @@ -175,9 +175,11 @@ app_parse_opt_vals(const char *conf_str, char
> separator, uint32_t n_vals, uint32
>
> n_tokens = rte_strsplit(string, strnlen(string, 32), tokens, n_vals,
> separator);
>
> - for(i = 0; i < n_tokens; i++) {
> + if (n_tokens > MAX_OPT_VALUES)
> + return -1;
> +
> + for (i = 0; i < n_tokens; i++)
> opt_vals[i] = (uint32_t)atol(tokens[i]);
> - }
>
> free(string);
>
> --
> 1.9.1
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
> > Fix issue reported by Coverity.
> >
> > Coverity ID 30708: Out-of-bounds read
> > overrun-local: Overrunning array tokens of 8 8-byte elements
> > at element index 4294967294 (byte offset 34359738352)
> > using index i (which evaluates to 4294967294).
> >
> > Fixes: de3cfa2c9823 ("sched: initial import")
> >
> > Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
>
> Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Applied, thanks
@@ -175,9 +175,11 @@ app_parse_opt_vals(const char *conf_str, char separator, uint32_t n_vals, uint32
n_tokens = rte_strsplit(string, strnlen(string, 32), tokens, n_vals, separator);
- for(i = 0; i < n_tokens; i++) {
+ if (n_tokens > MAX_OPT_VALUES)
+ return -1;
+
+ for (i = 0; i < n_tokens; i++)
opt_vals[i] = (uint32_t)atol(tokens[i]);
- }
free(string);