[ovs-dev] [PATCH] lex: Fix stack underflow bug and improve loop
Yifeng Sun
pkusunyifeng at gmail.com
Tue Oct 2 18:38:05 UTC 2018
Sorry, just realized my patches are missing the [ovs-dev] in the subjects.
Resend v2.
On Tue, Oct 2, 2018 at 11:26 AM Yifeng Sun <pkusunyifeng at gmail.com> wrote:
> In previous code, if hexit == 0, then the boundary for 'out' is
> not checked. This patch fixes it and also takes the checking out
> of loop to improve loop's performance.
>
> Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10710
> Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
> ---
> ovn/lib/lex.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c
> index 0514950de6bf..269267730526 100644
> --- a/ovn/lib/lex.c
> +++ b/ovn/lib/lex.c
> @@ -327,17 +327,18 @@ lex_parse_hex_integer(const char *start, size_t len,
> struct lex_token *token)
> const char *in = start + (len - 1);
> uint8_t *out = token->value.u8 + (sizeof token->value.u8 - 1);
>
> + if ((len - 1) / 2 >= sizeof token->value.u8) {
> + lex_error(token, "Hexadecimal constant requires more than "
> + "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
> + return;
> + }
> +
> for (int i = 0; i < len; i++) {
> int hexit = hexit_value(in[-i]);
> if (hexit < 0) {
> lex_error(token, "Invalid syntax in hexadecimal constant.");
> return;
> }
> - if (hexit && i / 2 >= sizeof token->value.u8) {
> - lex_error(token, "Hexadecimal constant requires more than "
> - "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
> - return;
> - }
> out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit;
> }
> token->format = LEX_F_HEXADECIMAL;
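Review bot: The up-front test '(len - 1) / 2 >= sizeof token->value.u8' rejects on digit count alone, so a constant padded with leading zeros, which the removed 'hexit && i / 2 >= ...' test did not reject, is now reported as requiring more than the available bits even though its value fits. If such input should stay valid, keep the per-digit test inside the loop and skip the 'out[-(i / 2)] |= ...' store whenever i / 2 is out of range and hexit is 0, or strip leading zeros before comparing the length. Separately, 'len' is a size_t, so 'len - 1' wraps to a huge value if a caller ever passes len == 0, both in the new check and in 'start + (len - 1)'; an explicit guard or a comment stating that len is at least 1 would make that assumption visible. The loop also compares 'int i' against the size_t 'len'; declaring i as size_t would avoid the signed/unsigned comparison.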
> --
> 2.7.4
>
>