[PATCH mtd-utils] lib: Fix integer overflow in libiniparser.c
Zhihao Cheng
chengzhihao1 at huawei.com
Mon Dec 16 20:55:27 PST 2024
On 2024/12/16 19:57, Anton Moryakov wrote:
> Report of the static analyzer:
> Possible integer underflow: left operand is tainted.
> An integer underflow may occur due to arithmetic operation (subtraction) between values
> { [-2147483648, 2147483647] } and '1', where the first value comes from the expression '(int)strlen(line)'
>
> Corrections explained:
> - Modified logic to skip empty lines immediately, reducing unnecessary processing.
> - Ensured safety by validating len >= 0 before accessing line[len] to avoid out-of-bounds access.
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.co
>
> ---
> lib/libiniparser.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Hi, Anton. I'm fine with the single-point fix solution, and you can add:
Reviewed-by: Zhihao Cheng <chengzhihao1 at huawei.com>
Or just like Anton's suggestions, I'm also fine with updating
libiniparser from [1], which did solve several bugs in the past few
years. And there may be some unused functions that should be deleted to avoid
compiling warnings.
[1] https://gitlab.com/iniparser/iniparser
>
> diff --git a/lib/libiniparser.c b/lib/libiniparser.c
> index a6ddcc7..9790c75 100644
> --- a/lib/libiniparser.c
> +++ b/lib/libiniparser.c
> @@ -540,7 +540,7 @@ dictionary * iniparser_load(const char * ininame)
> len-- ;
> }
> /* Detect multi-line */
> - if (line[len]=='\\') {
> + if (len >= 0 && line[len]=='\\') {
> /* Multi-line value */
> last=len ;
> continue ;
>
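Review bot: The `len >= 0 &&` guard on the `line[len]=='\\'` test is the only change here (the diffstat says 1 insertion, 1 deletion), yet the commit message also claims the logic now skips empty lines immediately; nothing in this hunk does that, so either drop that bullet or include the missing change. The subject calls this an integer overflow while the analyzer report describes an underflow of `(int)strlen(line)` minus 1 that produces a negative index, and the fix is an out-of-bounds read guard, so the subject should be worded to match. The context line `len-- ;` just above belongs to a block whose condition is not visible in this hunk; please confirm that it cannot itself index `line[len]` with `len < 0`, because the new check only covers the multi-line test that follows it.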