On Tue, Oct 02, 2018 at 11:26:23AM -0700, Yifeng Sun wrote:
> In previous code, if hexit == 0, then the boundary for 'out' is
> not checked. This patch fixes it and also takes the checking out
> of loop to improve loop's performance.
>
> Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10710
> Signed-off-by: Yifeng Sun <[email protected]>

Thanks for the fix!

I think that my goal here was to ignore any number of leading zeros,
more like this:

diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c
index 0514950de6bf..a5237091a46b 100644
--- a/ovn/lib/lex.c
+++ b/ovn/lib/lex.c
@@ -332,13 +332,14 @@ lex_parse_hex_integer(const char *start, size_t len,
struct lex_token *token)
if (hexit < 0) {
lex_error(token, "Invalid syntax in hexadecimal constant.");
return;
+ } else if (hexit) {
+ if (i / 2 >= sizeof token->value.u8) {
+ lex_error(token, "Hexadecimal constant requires more than "
+ "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
+ return;
+ }
+ out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit;
}
- if (hexit && i / 2 >= sizeof token->value.u8) {
- lex_error(token, "Hexadecimal constant requires more than "
- "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
- return;
- }
- out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit;
}
token->format = LEX_F_HEXADECIMAL;
}
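
Review bot: The new `else if (hexit)` branch skips zero digits entirely, and that is the only thing that lets a constant carry any number of leading zeros, but nothing on the branch says so. A one-line comment there would keep a later cleanup from folding the store back out of the conditional, which is the shape the removed lines had: the size check was guarded by `hexit &&` while `out[-(i / 2)] |= ...` ran unconditionally, so a zero digit at an index past `sizeof token->value.u8` still indexed `out` unchecked. It would also be worth adding two test inputs alongside this change: one with more hex digits than fit where every excess digit is zero (should parse), and one with a nonzero digit past the limit (should hit the "requires more than" error).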