The fuzzing target times out if the action list is too big. And we don't really need to fully parse all the actions just to say that they are too big in the end. So, check early and exit.
This is a pure performance optimization, so not adding a unit test. All other code paths during the parsing are using E2BIG and not EFBIG for similar conditions, so using it here too. Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39670 Signed-off-by: Ilya Maximets <[email protected]> --- lib/odp-util.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/odp-util.c b/lib/odp-util.c index fbdfc7ad8..33867200a 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2270,14 +2270,12 @@ parse_action_list(struct parse_odp_context *context, const char *s, retval = parse_odp_action(context, s + n, actions); if (retval < 0) { return retval; + } else if (nl_attr_oversized(actions->size - NLA_HDRLEN)) { + return -E2BIG; } n += retval; } - if (actions->size > UINT16_MAX) { - return -EFBIG; - } - return n; } -- 2.31.1
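Review bot: the new `else if (nl_attr_oversized(actions->size - NLA_HDRLEN))` branch replaces the removed post-loop test `actions->size > UINT16_MAX` with a differently shaped expression and a different error code (-E2BIG where callers previously got -EFBIG), and nothing in the hunk explains why subtracting NLA_HDRLEN keeps the bound equivalent to the old check; a one-line comment above the `else if` stating that relationship would let a reader verify the early exit without opening the nl_attr_oversized() definition. Since `actions->size - NLA_HDRLEN` is unsigned arithmetic, the check is only safe because it runs after parse_odp_action() returned success and therefore appended at least one attribute header; the same comment should record that ordering dependency so a later reordering of the loop body does not turn it into a wraparound. The commit message covers the E2BIG/EFBIG switch, but it would be worth also noting there that the size bound is now enforced on every iteration rather than once at the end, which is the behavioural change the fuzzing timeout motivates.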
