[dpdk-dev,2/5] cfgfile: cfg object not initialized after allocation
Commit Message
After the call to malloc() the cfg object is only partially initialized
with memset(). If parsing of the ini file fails because of a parsing error
then the subsequent call to rte_cfgfile_close() segfaults due to
uninitialized memory.
This is reproducible by attempting to parse an ini file that has a key=value
entry before the first [section] statement.
Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
---
lib/librte_cfgfile/rte_cfgfile.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
@@ -94,18 +94,19 @@ struct rte_cfgfile *
int curr_entry = -1;
char buffer[256] = {0};
int lineno = 0;
+ size_t size;
struct rte_cfgfile *cfg = NULL;
FILE *f = fopen(filename, "r");
if (f == NULL)
return NULL;
- cfg = malloc(sizeof(*cfg) + sizeof(cfg->sections[0]) *
- allocated_sections);
+ size = sizeof(*cfg) + sizeof(cfg->sections[0]) * allocated_sections;
+ cfg = malloc(size);
if (cfg == NULL)
goto error2;
- memset(cfg->sections, 0, sizeof(cfg->sections[0]) * allocated_sections);
+ memset(cfg, 0, size);
while (fgets(buffer, sizeof(buffer), f) != NULL) {
char *pos = NULL;
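Review bot: the new memset(cfg, 0, size) zeroes the whole allocation rather than only cfg->sections, which is what the commit message needs, but the malloc()/memset() pair could be collapsed into a single calloc(1, size), which removes the new size variable and the chance of the two lengths drifting apart on a later edit. The hunk still leaves open what happens at error2 when malloc() fails with f already open; please confirm that label closes f before returning NULL.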