> -----Original Message----- > From: dev [mailto:dev-boun...@dpdk.org] On Behalf Of Jacek Piasecki > Sent: Thursday, October 26, 2017 8:24 AM > To: Dumitrescu, Cristian <cristian.dumitre...@intel.com> > Cc: dev@dpdk.org; Piasecki, JacekX <jacekx.piase...@intel.com>; > sta...@dpdk.org > Subject: [dpdk-dev] [PATCH] cfgfile: fix NULL pointer dereference > > Function memchr() could return NULL and assign it to split[1] pointer. > Additional check and error handing is made after memchr() call. > > Coverity issue: 195004 > Fixes: a6a47ac9c2c9 ("cfgfile: rework load function") > Cc: jacekx.piase...@intel.com > Cc: sta...@dpdk.org > > Signed-off-by: Jacek Piasecki <jacekx.piase...@intel.com> > --- > lib/librte_cfgfile/rte_cfgfile.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/lib/librte_cfgfile/rte_cfgfile.c > b/lib/librte_cfgfile/rte_cfgfile.c > index 124aef5..80077b6 100644 > --- a/lib/librte_cfgfile/rte_cfgfile.c > +++ b/lib/librte_cfgfile/rte_cfgfile.c > @@ -241,6 +241,11 @@ rte_cfgfile_load_with_params(const char > *filename, int flags, > > split[0] = buffer; > split[1] = memchr(buffer, '=', len); > + if (split[1] == NULL) { > + printf("Error line %d - no '='" > + "character found\n", lineno); > + goto error1; > + } > *split[1] = '\0'; > split[1]++; > > @@ -268,7 +273,7 @@ rte_cfgfile_load_with_params(const char > *filename, int flags, > goto error1; > > _add_entry(&cfg->sections[cfg->num_sections - 1], > - split[0], (split[1] ? split[1] : "")); > + split[0], split[1]); > } > } > fclose(f); > -- > 2.7.4
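Review bot: In the first hunk (@@ -241,6 +241,11 @@), the two adjacent string literals in the new printf() concatenate without a space, so the message prints as "no '='character found". Put a space at the start of the second literal, or join them into a single literal such as "Error line %d - no '=' character found\n". Splitting a user-visible message across lines also makes it harder to grep for, so the single literal is preferable even if it runs slightly past the line limit.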
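Review bot: In the second hunk (@@ -268,7 +273,7), dropping the (split[1] ? split[1] : "") fallback is only safe because of the NULL check added in the first hunk, and that dependency is not stated anywhere. The removed fallback suggests an entry without a value was meant to be stored as an empty string, whereas a line with no '=' now takes the goto error1 path; the commit message should say that such lines are rejected, so the behaviour is a documented decision and not a side effect of the Coverity fix.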
Acked-by: Michal Jastrzebski <michalx.k.jastrzeb...@intel.com>