[ovs-dev] [PATCH v2] lex: Fix stack underflow bug and improve loop

Yifeng Sun pkusunyifeng at gmail.com
Tue Oct 2 18:37:04 UTC 2018


In previous code, if hexit == 0, then the boundary for 'out' is
not checked. This patch fixes it and also takes the checking out
of loop to improve loop's performance.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10710
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
---
v1->v2: Fix email subject by adding [ovs-dev]

 ovn/lib/lex.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c
index 0514950de6bf..269267730526 100644
--- a/ovn/lib/lex.c
+++ b/ovn/lib/lex.c
@@ -327,17 +327,18 @@ lex_parse_hex_integer(const char *start, size_t len, struct lex_token *token)
     const char *in = start + (len - 1);
     uint8_t *out = token->value.u8 + (sizeof token->value.u8 - 1);
 
+    if ((len - 1) / 2 >= sizeof token->value.u8) {
+        lex_error(token, "Hexadecimal constant requires more than "
+                  "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
+        return;
+    }
+
     for (int i = 0; i < len; i++) {
         int hexit = hexit_value(in[-i]);
         if (hexit < 0) {
             lex_error(token, "Invalid syntax in hexadecimal constant.");
             return;
         }
-        if (hexit && i / 2 >= sizeof token->value.u8) {
-            lex_error(token, "Hexadecimal constant requires more than "
-                      "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
-            return;
-        }
         out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit;
     }
     token->format = LEX_F_HEXADECIMAL;
-- 
2.7.4



More information about the dev mailing list