From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B1D7EA0524; Wed, 2 Jun 2021 11:49:37 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3BDDE4069F; Wed, 2 Jun 2021 11:49:37 +0200 (CEST) Received: from shelob.oktetlabs.ru (shelob.oktetlabs.ru [91.220.146.113]) by mails.dpdk.org (Postfix) with ESMTP id 1A25340689; Wed, 2 Jun 2021 11:49:36 +0200 (CEST) Received: by shelob.oktetlabs.ru (Postfix, from userid 122) id B33BE7F57F; Wed, 2 Jun 2021 12:49:35 +0300 (MSK) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shelob.oktetlabs.ru X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=ALL_TRUSTED, DKIM_ADSP_DISCARD, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 Received: from aros.oktetlabs.ru (aros.oktetlabs.ru [192.168.38.17]) by shelob.oktetlabs.ru (Postfix) with ESMTP id 6D2A67F4FE; Wed, 2 Jun 2021 12:49:29 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 shelob.oktetlabs.ru 6D2A67F4FE Authentication-Results: shelob.oktetlabs.ru/6D2A67F4FE; dkim=none; dkim-atps=neutral From: Andrew Rybchenko To: Cristian Dumitrescu Cc: dev@dpdk.org, Ivan Ilchenko , stable@dpdk.org, Andy Moreton Date: Wed, 2 Jun 2021 12:49:22 +0300 Message-Id: <20210602094922.3507384-1-andrew.rybchenko@oktetlabs.ru> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210602090629.3495940-1-andrew.rybchenko@oktetlabs.ru> References: <20210602090629.3495940-1-andrew.rybchenko@oktetlabs.ru> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v2] bitmap: fix buffer overrun in bitmap init function X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Ivan Ilchenko Bitmap initialization function is allowed to memset() caller-provided buffer with number of bytes exceeded this buffer size. This happens due to wrong comparison sign between buffer size and number of bytes required to initialize bitmap. Fixes: 602c9ca33a4 ("sched: bitmap is now dynamically allocated") Cc: stable@dpdk.org Reported-by: Andy Moreton Signed-off-by: Ivan Ilchenko Reviewed-by: Andy Moreton Signed-off-by: Andrew Rybchenko --- lib/eal/include/rte_bitmap.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/eal/include/rte_bitmap.h b/lib/eal/include/rte_bitmap.h index 9e2b8f2cbf..e4623bb176 100644 --- a/lib/eal/include/rte_bitmap.h +++ b/lib/eal/include/rte_bitmap.h @@ -185,9 +185,8 @@ rte_bitmap_init(uint32_t n_bits, uint8_t *mem, uint32_t mem_size) size = __rte_bitmap_get_memory_footprint(n_bits, &array1_byte_offset, &array1_slabs, &array2_byte_offset, &array2_slabs); - if (size < mem_size) { + if (size > mem_size) return NULL; - } /* Setup bitmap */ memset(mem, 0, size); -- 2.30.2