[ovs-dev] [PATCH] lex: Fix stack underflow bug and improve loop

Yifeng Sun pkusunyifeng at gmail.com
Tue Oct 2 20:21:22 UTC 2018


Thanks Ben for the review, I sent a v3.

On Tue, Oct 2, 2018 at 11:41 AM Ben Pfaff <blp at ovn.org> wrote:

> On Tue, Oct 02, 2018 at 11:26:23AM -0700, Yifeng Sun wrote:
> > In previous code, if hexit == 0, then the boundary for 'out' is
> > not checked. This patch fixes it and also takes the checking out
> > of loop to improve loop's performance.
> >
> > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10710
> > Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
>
> Thanks for the fix!
>
> I think that my goal here was to ignore any number of leading zeros,
> more like this:
>
> diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c
> index 0514950de6bf..a5237091a46b 100644
> --- a/ovn/lib/lex.c
> +++ b/ovn/lib/lex.c
> @@ -332,13 +332,14 @@ lex_parse_hex_integer(const char *start, size_t len,
> struct lex_token *token)
>          if (hexit < 0) {
>              lex_error(token, "Invalid syntax in hexadecimal constant.");
>              return;
> +        } else if (hexit) {
> +            if (i / 2 >= sizeof token->value.u8) {
> +                lex_error(token, "Hexadecimal constant requires more than
> "
> +                          "%"PRIuSIZE" bits.", 8 * sizeof
> token->value.u8);
> +                return;
> +            }
> +            out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit;
>          }
> -        if (hexit && i / 2 >= sizeof token->value.u8) {
> -            lex_error(token, "Hexadecimal constant requires more than "
> -                      "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
> -            return;
> -        }
> -        out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit;
>      }
>      token->format = LEX_F_HEXADECIMAL;
>  }
>
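Review bot: The new `else if (hexit)` branch skips zero digits silently, including those at positions where `i / 2 >= sizeof token->value.u8`, and nothing in the hunk says this is deliberate. A one-line comment above the branch would help: zero digits contribute nothing to `out`, so any number of leading zeros is accepted without touching memory. Without it, a later cleanup could hoist the store back out of the branch and restore the removed unconditional `out[-(i / 2)] |= ...`, which indexed outside `token->value.u8` whenever `hexit == 0`. A regression test is also worth adding, using a hexadecimal constant with more leading zeros than the value has digits, which is the case the commit message describes.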

