[PATCH] Fix integer overflow in libiniparser.c

Alexander Dahl ada at thorsis.com
Mon Dec 16 02:24:45 PST 2024


Hei hei,

On Fri, Dec 13, 2024 at 04:31:56PM +0300, Anton Moryakov wrote:
> Report of the static analyzer:
> Possible integer underflow: left operand is tainted.
> An integer underflow may occur due to arithmetic operation (subtraction) between values
> { [-2147483648, 2147483647] } and '1', where the first value comes from the expression '(int)strlen(line)'
> 
> Corrections explained:
> - Modified logic to skip empty lines immediately, reducing unnecessary processing.
> - Ensured safety by validating len >= 0 before accessing line[len] to avoid out-of-bounds access.
> 
> Triggers found by static analyzer Svace.
> 
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
> 
> ---
>  lib/libiniparser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/libiniparser.c b/lib/libiniparser.c
> index a6ddcc7..2facbde 100644
> --- a/lib/libiniparser.c
> +++ b/lib/libiniparser.c
> @@ -524,7 +524,7 @@ dictionary * iniparser_load(const char * ininame)
>          lineno++ ;
>          len = (int)strlen(line)-1;
>          /* Safety check against buffer overflows */
> -        if (line[len]!='\n') {
> +        if (len < 0 || line[len]!='\n') {

This was fixed years ago in upstream iniparser, while mtd-utils
still uses an ancient copy of that library.  Maybe someone should step
up and modernize that before doing fixes here.  The current
development of libiniparser takes place here (since May 2024):

https://gitlab.com/iniparser/iniparser

Greets
Alex

>              fprintf(stderr,
>                      "iniparser: input line too long in %s (%d)\n",
>                      ininame,
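
Review bot: Folding `len < 0` into the existing condition sends a zero-length `line` into the branch that prints "iniparser: input line too long", which reports the wrong cause, and it does not match the commit message's "skip empty lines immediately". Handle the empty case on its own before this check (skip the line or report it with its own message) and keep `line[len]!='\n'` for the truncation case only. The subtraction the analyzer flagged, `len = (int)strlen(line)-1;`, is also left unchanged: testing the `strlen()` result for zero before subtracting would remove the underflow itself rather than only guarding the later index. The subject line says "integer overflow" while the report describes an underflow, so the subject should be aligned with the report.
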
> -- 
> 2.30.2