Thanks Ben for the review, I sent a v3. On Tue, Oct 2, 2018 at 11:41 AM Ben Pfaff <[email protected]> wrote:
> On Tue, Oct 02, 2018 at 11:26:23AM -0700, Yifeng Sun wrote: > > In previous code, if hexit == 0, then the boundary for 'out' is > > not checked. This patch fixes it and also takes the checking out > > of loop to improve loop's performance. > > > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10710 > > Signed-off-by: Yifeng Sun <[email protected]> > > Thanks for the fix! > > I think that my goal here was to ignore any number of leading zeros, > more like this: > > diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c > index 0514950de6bf..a5237091a46b 100644 > --- a/ovn/lib/lex.c > +++ b/ovn/lib/lex.c > @@ -332,13 +332,14 @@ lex_parse_hex_integer(const char *start, size_t len, > struct lex_token *token) > if (hexit < 0) { > lex_error(token, "Invalid syntax in hexadecimal constant."); > return; > + } else if (hexit) { > + if (i / 2 >= sizeof token->value.u8) { > + lex_error(token, "Hexadecimal constant requires more than > " > + "%"PRIuSIZE" bits.", 8 * sizeof > token->value.u8); > + return; > + } > + out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit; > } > - if (hexit && i / 2 >= sizeof token->value.u8) { > - lex_error(token, "Hexadecimal constant requires more than " > - "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8); > - return; > - } > - out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit; > } > token->format = LEX_F_HEXADECIMAL; > } > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
