[PATCH] Fix integer overflow in libiniparser.c
Anton Moryakov
ant.v.moryakov at gmail.com
Fri Dec 13 05:31:56 PST 2024
Report of the static analyzer:
Possible integer underflow: left operand is tainted.
An integer underflow may occur due to arithmetic operation (subtraction) between values
{ [-2147483648, 2147483647] } and '1', where the first value comes from the expression '(int)strlen(line)'
Corrections explained:
Modified logic toskip empty lines immediately, reducing unnecessary processing.- Ensured safety by validating len >= 0 before accessing line[len] to avoid out-of-bounds access.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
lib/libiniparser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libiniparser.c b/lib/libiniparser.c
index a6ddcc7..2facbde 100644
--- a/lib/libiniparser.c
+++ b/lib/libiniparser.c
@@ -524,7 +524,7 @@ dictionary * iniparser_load(const char * ininame)
lineno++ ;
len = (int)strlen(line)-1;
/* Safety check against buffer overflows */
- if (line[len]!='\n') {
+ if (len < 0 || line[len]!='\n') {
fprintf(stderr,
"iniparser: input line too long in %s (%d)\n",
ininame,
--
2.30.2
More information about the linux-mtd
mailing list