From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6BF15A034C; Wed, 23 Feb 2022 09:56:12 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EC21F40DF6; Wed, 23 Feb 2022 09:56:11 +0100 (CET) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mails.dpdk.org (Postfix) with ESMTP id 93B4540140; Wed, 23 Feb 2022 09:56:10 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645606570; x=1677142570; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=8pnN/69uJmjqps/VM4BbOWvp1LtoalrTbgZtXF7CsNs=; b=XTvWWrJpdY+47R+48psHGCaYOIR3agI7ZU+tFDEOqvArDfOkszaFxlsP zJeO2T+BXXoZ0B8NiMBoTB+7EwlRzuuyitcYKAtSAUYsWuWlEpDeWfB8k NFCUcNsPiGDWl+0oDznLRF6MxJBM6vT+Okz5d/4YnbYOsQKS6L2PM+QSs vum51u6rsFBHQfFrihzQ1wQgj3pYW/MWpz+mu7AaFQUBQpyTljgV47CU2 UcG5nUim9luqn1k9x8Ufko4gOtkgdEaqWU0v/GfPpuELr/dTfu5NNVT5i c62/c3VyiQRRcsWEcA6ZIzgY1ka+x1IG2U6aDeKluBbC66Xt4XBK+nrD9 Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10266"; a="315145037" X-IronPort-AV: E=Sophos;i="5.88,390,1635231600"; d="scan'208";a="315145037" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Feb 2022 00:56:09 -0800 X-IronPort-AV: E=Sophos;i="5.88,390,1635231600"; d="scan'208";a="548151620" Received: from intel-cd-odc-steve.cd.intel.com ([10.240.178.135]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Feb 2022 00:56:07 -0800 From: Steve Yang To: dev@dpdk.org Cc: ferruh.yigit@intel.com, Steve Yang , stable@dpdk.org Subject: [PATCH v1] eal/linux: fix memory illegal accesses Date: Wed, 23 Feb 2022 08:49:50 +0000 Message-Id: <20220223084950.3572178-1-stevex.yang@intel.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org 'recv()' fills the 'buf', later 'strlcpy()' used to copy from this buffer. But as coverity warns 'recv()' doesn't guarantee that 'buf' is null-terminated, but 'strlcpy()' requires it. Enlarge 'buf' size to 'EAL_UEV_MSG_LEN + 1' and ensure the last one can be set to 0 when received buffer size is EAL_UEV_MSG_LEN. CID 375864: Memory - illegal accesses (STRING_NULL) Passing unterminated string "buf" to "dev_uev_parse", which expects a null-terminated string. Coverity issue: 375864 Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process") Cc: stable@dpdk.org Signed-off-by: Steve Yang --- lib/eal/linux/eal_dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/eal/linux/eal_dev.c b/lib/eal/linux/eal_dev.c index bde55a3d92..851789e85c 100644 --- a/lib/eal/linux/eal_dev.c +++ b/lib/eal/linux/eal_dev.c @@ -231,13 +231,13 @@ dev_uev_handler(__rte_unused void *param) { struct rte_dev_event uevent; int ret; - char buf[EAL_UEV_MSG_LEN]; + char buf[EAL_UEV_MSG_LEN + 1]; struct rte_bus *bus; struct rte_device *dev; const char *busname = ""; memset(&uevent, 0, sizeof(struct rte_dev_event)); - memset(buf, 0, EAL_UEV_MSG_LEN); + memset(buf, 0, EAL_UEV_MSG_LEN + 1); if (rte_intr_fd_get(intr_handle) < 0) return; -- 2.27.0