From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.droids-corp.org (zoll.droids-corp.org [94.23.50.67]) by dpdk.org (Postfix) with ESMTP id 5CDE02C3F for ; Fri, 1 Dec 2017 17:38:02 +0100 (CET) Received: from lfbn-1-6068-189.w90-110.abo.wanadoo.fr ([90.110.3.189] helo=droids-corp.org) by mail.droids-corp.org with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:256) (Exim 4.84_2) (envelope-from ) id 1eKoQA-0001LI-MN; Fri, 01 Dec 2017 17:44:15 +0100 Received: by droids-corp.org (sSMTP sendmail emulation); Fri, 01 Dec 2017 17:37:55 +0100 Date: Fri, 1 Dec 2017 17:37:55 +0100 From: Olivier MATZ To: Ilya Matveychikov Cc: dev@dpdk.org Message-ID: <20171201163754.zhsd2uieqfhi6y7v@platinum> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Subject: Re: [dpdk-dev] [PATCH 1/2] mbuf: check sanity of data_len and pkt_len as well X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Dec 2017 16:38:02 -0000 Hi Ilya, On Thu, Nov 16, 2017 at 06:04:43PM +0400, Ilya Matveychikov wrote: > Signed-off-by: Ilya V. Matveychikov Please, add a commit log. > --- > lib/librte_mbuf/rte_mbuf.c | 23 +++++++++++++++-------- > 1 file changed, 15 insertions(+), 8 deletions(-) > > diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c > index 7543662f7..491685c36 100644 > --- a/lib/librte_mbuf/rte_mbuf.c > +++ b/lib/librte_mbuf/rte_mbuf.c > @@ -202,8 +202,7 @@ rte_pktmbuf_pool_create(const char *name, unsigned n, > void > rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header) > { > - const struct rte_mbuf *m_seg; > - unsigned int nb_segs; > + unsigned int nb_segs, pkt_len; > > if (m == NULL) > rte_panic("mbuf is NULL\n"); > @@ -220,18 +219,26 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header) > if ((cnt == 0) || (cnt == UINT16_MAX)) > rte_panic("bad ref cnt\n"); > > + /* data_len supposed to be not more than pkt_len */ > + if (m->data_len > m->pkt_len) > + rte_panic("bad data_len\n"); > + This check should only be done if is_header == 1.