There was a theoretical (but unlikely to happen in practice) integer
overflow in ovs_router_rule_add_cmd() in the case when rule list
comprised only of rules with priority zero, the new rule priority would
be calculated as UINT_MAX.
Coverity issue:
CID 556927: Integer handling issues (INTEGER_OVERFLOW)
Expression "rule->prio - 1U", where "rule->prio" is known to be equal to 0,
under-flows the type of "rule->prio - 1U", which is type "unsigned int".
Fixes: e2a241560080 ("ovs-router: Introduce ovs/route/rule/{add, del}
commands.")
Signed-off-by: Dima Chumak <[email protected]>
---
lib/ovs-router.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/ovs-router.c b/lib/ovs-router.c
index 29800f1a4a20..5ed6b785943c 100644
--- a/lib/ovs-router.c
+++ b/lib/ovs-router.c
@@ -1030,8 +1030,7 @@ ovs_router_rule_add_cmd(struct unixctl_conn *conn, int
argc OVS_UNUSED,
uint32_t prev_prio = 0;
PVECTOR_FOR_EACH (rule, &rules) {
- if ((!prio && rule->prio) ||
- (rule->prio - prev_prio > 1)) {
+ if (rule->prio && (!prio || (rule->prio - prev_prio > 1))) {
prio = rule->prio - 1;
}
prev_prio = rule->prio;
--
2.52.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
