[PATCH mtd-utils] lib: Fix integer overflow in libiniparser.c
Zhihao Cheng
chengzhihao1 at huawei.com
Fri Dec 13 19:02:25 PST 2024
On 2024/12/13 21:56, Anton Moryakov wrote:
> Report of the static analyzer:
> Possible integer underflow: left operand is tainted.
> An integer underflow may occur due to arithmetic operation (subtraction) between values
> { [-2147483648, 2147483647] } and '1', where the first value comes from the expression '(int)strlen(line)'
>
> Corrections explained:
> - Modified logic to skip empty lines immediately, reducing unnecessary processing.
> - Ensured safety by validating len >= 0 before accessing line[len] to avoid out-of-bounds access.
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> ---
> lib/libiniparser.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/libiniparser.c b/lib/libiniparser.c
> index a6ddcc7..2facbde 100644
> --- a/lib/libiniparser.c
> +++ b/lib/libiniparser.c
> @@ -524,7 +524,7 @@ dictionary * iniparser_load(const char * ininame)
> lineno++ ;
> len = (int)strlen(line)-1;
> /* Safety check against buffer overflows */
> - if (line[len]!='\n') {
> + if (len < 0 || line[len]!='\n') {
Hi Anton, you modified the wrong place. Expression 'if
(line[len]=='\\')' should be changed, please see details in
https://lore.kernel.org/linux-mtd/7df76973-46ed-d47c-79c6-36bd8cf627e8@huawei.com/T/#t.
> fprintf(stderr,
> "iniparser: input line too long in %s (%d)\n",
> ininame,
>
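Review bot: In the changed condition `if (len < 0 || line[len]!='\n')`, an empty line (where `len = (int)strlen(line)-1` evaluates to -1) now enters the branch that prints "iniparser: input line too long in %s (%d)", which is the wrong diagnostic for that input and does not match the commit message's stated intent of skipping empty lines. Consider handling `len < 0` as its own case before this check. The `line[len]=='\\'` test pointed out in the reply is not touched by this hunk, so the same guard would be needed there.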