DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH dpdk 0/2] IPv6: Fix coverity issues
@ 2024-10-24 15:19 Robin Jarry
  2024-10-24 15:19 ` [PATCH dpdk 1/2] net/ipv6: fix overflowed array index reads Robin Jarry
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Robin Jarry @ 2024-10-24 15:19 UTC (permalink / raw)
  To: dev

Hi all,

Here are fixes for three coverity issues:

/lib/net/rte_ip6.h: 91 in rte_ipv6_addr_mask()
*** CID 446754:  Memory - illegal accesses  (OVERRUN)
85     {
86             if (depth < RTE_IPV6_MAX_DEPTH) {
87                     uint8_t d = depth / 8;
88                     uint8_t mask = ~(UINT8_MAX >> (depth % 8));
89                     ip->a[d] &= mask;
90                     d++;
>>>     CID 446754:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer
>>>     "&ip->a[d]".
91                     memset(&ip->a[d], 0, sizeof(*ip) - d);
92             }
93     }

/lib/net/rte_ip6.h: 114 in rte_ipv6_addr_eq_prefix()
*** CID 446756:  Memory - illegal accesses  (INTEGER_OVERFLOW)
108     rte_ipv6_addr_eq_prefix(const struct rte_ipv6_addr *a, const struct
                                rte_ipv6_addr *b, uint8_t depth)
109     {
110             if (depth < RTE_IPV6_MAX_DEPTH) {
111                     uint8_t d = depth / 8;
112                     uint8_t mask = ~(UINT8_MAX >> (depth % 8));
113
>>>     CID 446756:  Memory - illegal accesses  (INTEGER_OVERFLOW)
>>>     "d", which might have overflowed, is used in a pointer index in "a->a[d]".
114                     if ((a->a[d] ^ b->a[d]) & mask)
115                             return false;
116
117                     return memcmp(a, b, d) == 0;
118             }
119             return rte_ipv6_addr_eq(a, b);

/lib/net/rte_ip6.h: 89 in rte_ipv6_addr_mask()
*** CID 446758:  Memory - corruptions  (INTEGER_OVERFLOW)
83     static inline void
84     rte_ipv6_addr_mask(struct rte_ipv6_addr *ip, uint8_t depth)
85     {
86             if (depth < RTE_IPV6_MAX_DEPTH) {
87                     uint8_t d = depth / 8;
88                     uint8_t mask = ~(UINT8_MAX >> (depth % 8));
>>>     CID 446758:  Memory - corruptions  (INTEGER_OVERFLOW)
>>>     "d", which might have overflowed, is used in a pointer index in "ip->a[d]".
89                     ip->a[d] &= mask;
90                     d++;
91                     memset(&ip->a[d], 0, sizeof(*ip) - d);
92             }
93     }

Cheers.

Robin Jarry (2):
  net/ipv6: fix overflowed array index reads
  net/ipv6: fix out-of-bounds read

 lib/net/rte_ip6.h | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

-- 
2.47.0


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2024-11-06 20:49 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-24 15:19 [PATCH dpdk 0/2] IPv6: Fix coverity issues Robin Jarry
2024-10-24 15:19 ` [PATCH dpdk 1/2] net/ipv6: fix overflowed array index reads Robin Jarry
2024-10-24 15:19 ` [PATCH dpdk 2/2] net/ipv6: fix out-of-bounds read Robin Jarry
2024-10-24 15:37 ` [PATCH dpdk 0/2] IPv6: Fix coverity issues Morten Brørup
2024-11-05 21:05 ` David Marchand
2024-11-06 20:24   ` David Marchand
2024-11-06 20:48     ` Patrick Robb

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).