Re: [ovs-dev] [PATCH] ofp-parse: Check ranges on string to uint32_t conversion.

Thu, 20 Apr 2023 19:47:24 -0700 

> -----Original Message-----
> From: Simon Horman [mailto:[email protected]]
> Sent: Thursday, April 20, 2023 9:38 PM
> To: wangyunjian <[email protected]>
> Cc: [email protected]; [email protected]; luyicai <[email protected]>
> Subject: Re: [ovs-dev] [PATCH] ofp-parse: Check ranges on string to uint32_t
> conversion.
> 
> On Fri, Apr 14, 2023 at 05:47:59PM +0800, Yunjian Wang via dev wrote:
> > An unnecessarily overflow would occurs when the 'value' is longer than
> > 4294967295. So it's required to check ranges to avoid uint32_t overflow.
> 
> Thanks, I see this is correct.
> 
> Perhaps it would be worth noting that it occurs on platforms, such as
> x86_64 Linux, where unsigned long is 64 bits wide and values larger than
> 4294967295 don't overflow unsigned long. While on platforms where unsigned
> long is 32 bits wide the problem doesn't occur as the existing ERANGE check
> catches the overflow.
> 
> >
> > Reported-by: Nan Zhou <[email protected]>
> > Signed-off-by: Yunjian Wang <[email protected]>
> > ---
> >  lib/ofp-parse.c | 7 ++-----
> >  1 file changed, 2 insertions(+), 5 deletions(-)
> >
> > diff --git a/lib/ofp-parse.c b/lib/ofp-parse.c index
> > a90b926ef..bfa0304a7 100644
> > --- a/lib/ofp-parse.c
> > +++ b/lib/ofp-parse.c
> > @@ -71,16 +71,13 @@ str_to_u16(const char *str, const char *name,
> > uint16_t *valuep)  char * OVS_WARN_UNUSED_RESULT  str_to_u32(const
> > char *str, uint32_t *valuep)  {
> > -    char *tail;
> > -    uint32_t value;
> > +    long long value;
> >
> >      if (!str[0]) {
> >          return xstrdup("missing required numeric argument");
> >      }
> >
> > -    errno = 0;
> > -    value = strtoul(str, &tail, 0);
> > -    if (errno == EINVAL || errno == ERANGE || *tail) {
> > +    if (!str_to_llong(str, 0, &value) || value < 0 || value >
> > + UINT_MAX) {
> 
> nit: s/UINT_MAX/UINT32_MAX/

OK, I will fix it.

Thanks,
yunjian
> 
> >          return xasprintf("invalid numeric format %s", str);
> >      }
> >      *valuep = value;
> > --
> > 2.27.0
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to