[PATCH] net/e1000: add check for filter mask range

[PATCH] net/e1000: add check for filter mask range

[Stephen Hemminger]

Gcc-16 complains about possible reference outside of array
when managing flex filter. This is a false positive because the
filter length can never be that long, but compiler can't detect
that. Add guard rail check to only loop over possible array.

../drivers/net/intel/e1000/igb_ethdev.c:4265:23: note: at offset 152 into destination object of size 176 allocated by ‘rte_zmalloc’
 4265 |         flex_filter = rte_zmalloc("e1000_flex_filter",
      |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 4266 |                         sizeof(struct e1000_flex_filter), 0);
      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../drivers/net/intel/e1000/igb_ethdev.c:4280:50: warning: writing 64 bytes into a region of size 0 [-Wstringop-overflow=]
 4280 |                 flex_filter->filter_info.mask[i] = mask;
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 drivers/net/intel/e1000/igb_ethdev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/intel/e1000/igb_ethdev.c b/drivers/net/intel/e1000/igb_ethdev.c
index f4e2a6442e..66988cd90d 100644
--- a/drivers/net/intel/e1000/igb_ethdev.c
+++ b/drivers/net/intel/e1000/igb_ethdev.c
@@ -4270,7 +4270,8 @@ eth_igb_add_del_flex_filter(struct rte_eth_dev *dev,
 	flex_filter->filter_info.len = filter->len;
 	flex_filter->filter_info.priority = filter->priority;
 	memcpy(flex_filter->filter_info.dwords, filter->bytes, filter->len);
-	for (i = 0; i < RTE_ALIGN(filter->len, CHAR_BIT) / CHAR_BIT; i++) {
+	for (i = 0; i < RTE_ALIGN(filter->len, CHAR_BIT) / CHAR_BIT
+		     && i < E1000_FLEX_FILTERS_MASK_SIZE; i++) {
 		mask = 0;
 		/* reverse bits in flex filter's mask*/
 		for (shift = 0; shift < CHAR_BIT; shift++) {
-- 
2.51.0

Re: [PATCH] net/e1000: add check for filter mask range

[Burakov, Anatoly]

On 11/14/2025 7:21 PM, Stephen Hemminger wrote:
> Gcc-16 complains about possible reference outside of array
> when managing flex filter. This is a false positive because the
> filter length can never be that long, but compiler can't detect
> that. Add guard rail check to only loop over possible array.
> 
> ../drivers/net/intel/e1000/igb_ethdev.c:4265:23: note: at offset 152 into destination object of size 176 allocated by ‘rte_zmalloc’
>   4265 |         flex_filter = rte_zmalloc("e1000_flex_filter",
>        |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   4266 |                         sizeof(struct e1000_flex_filter), 0);
>        |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ../drivers/net/intel/e1000/igb_ethdev.c:4280:50: warning: writing 64 bytes into a region of size 0 [-Wstringop-overflow=]
>   4280 |                 flex_filter->filter_info.mask[i] = mask;
>        |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---

Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>

-- 
Thanks,
Anatoly

Re: [PATCH] net/e1000: add check for filter mask range

[Bruce Richardson]

On Mon, Nov 17, 2025 at 05:06:45PM +0100, Burakov, Anatoly wrote:
> On 11/14/2025 7:21 PM, Stephen Hemminger wrote:
> > Gcc-16 complains about possible reference outside of array
> > when managing flex filter. This is a false positive because the
> > filter length can never be that long, but compiler can't detect
> > that. Add guard rail check to only loop over possible array.
> > 
> > ../drivers/net/intel/e1000/igb_ethdev.c:4265:23: note: at offset 152 into destination object of size 176 allocated by ‘rte_zmalloc’
> >   4265 |         flex_filter = rte_zmalloc("e1000_flex_filter",
> >        |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >   4266 |                         sizeof(struct e1000_flex_filter), 0);
> >        |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ../drivers/net/intel/e1000/igb_ethdev.c:4280:50: warning: writing 64 bytes into a region of size 0 [-Wstringop-overflow=]
> >   4280 |                 flex_filter->filter_info.mask[i] = mask;
> >        |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
> > 
> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> > ---
> 
> Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
> 
Applied to dpdk-next-net-intel. [With the "&&" moved to previous line to keep
checkpatch happy]

/Bruce