From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jacek Piasecki Subject: [PATCH] cfgfile: fix NULL pointer dereference Date: Thu, 26 Oct 2017 08:24:06 +0200 Message-ID: <1508999046-5012-1-git-send-email-jacekx.piasecki@intel.com> Cc: dev@dpdk.org, Jacek Piasecki , stable@dpdk.org To: cristian.dumitrescu@intel.com Return-path: List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Function memchr() could return NULL and assign it to split[1] pointer. Additional check and error handling is made after memchr() call. Coverity issue: 195004 Fixes: a6a47ac9c2c9 ("cfgfile: rework load function") Cc: jacekx.piasecki@intel.com Cc: stable@dpdk.org Signed-off-by: Jacek Piasecki --- lib/librte_cfgfile/rte_cfgfile.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c index 124aef5..80077b6 100644 --- a/lib/librte_cfgfile/rte_cfgfile.c +++ b/lib/librte_cfgfile/rte_cfgfile.c @@ -241,6 +241,11 @@ rte_cfgfile_load_with_params(const char *filename, int flags, split[0] = buffer; split[1] = memchr(buffer, '=', len); + if (split[1] == NULL) { + printf("Error line %d - no '='" + "character found\n", lineno); + goto error1; + } *split[1] = '\0'; split[1]++; @@ -268,7 +273,7 @@ rte_cfgfile_load_with_params(const char *filename, int flags, goto error1; _add_entry(&cfg->sections[cfg->num_sections - 1], - split[0], (split[1] ? split[1] : "")); + split[0], split[1]); } } fclose(f); -- 2.7.4
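Review bot: in the first hunk (@@ -241,6 +241,11 @@, the new check after the memchr() call), the two adjacent string literals in the added printf() concatenate to "Error line %d - no '='character found", with no space between '=' and "character". Keep the format string on a single line, for example "Error line %d - no '=' character found\n", which fixes the spacing and keeps the message searchable in the source. The placement of the check is right: it sits before `*split[1] = '\0';`, which is the write that would otherwise go through the NULL pointer.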
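Review bot: in the second hunk (@@ -268,7 +273,7 @@, the _add_entry() call), the `split[1] ? split[1] : ""` fallback is removed, but the commit message only describes the added check and says nothing about this removal. The first hunk shows split[1] being written through and incremented (`*split[1] = '\0'; split[1]++;`) before this call, so the ternary could never have observed NULL here and dropping it is reasonable. Add a sentence to the commit message stating that the fallback was dead code once the NULL check exists, so the change is not read later as the loss of a guard.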