From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 27AF8A0487
	for <public@inbox.dpdk.org>; Tue,  2 Jul 2019 13:46:27 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id ADADF1B99E;
	Tue,  2 Jul 2019 13:46:25 +0200 (CEST)
Received: from mail-ua1-f65.google.com (mail-ua1-f65.google.com
 [209.85.222.65]) by dpdk.org (Postfix) with ESMTP id 603281B974
 for <dev@dpdk.org>; Tue,  2 Jul 2019 13:46:24 +0200 (CEST)
Received: by mail-ua1-f65.google.com with SMTP id 8so179356uaz.11
 for <dev@dpdk.org>; Tue, 02 Jul 2019 04:46:24 -0700 (PDT)
MIME-Version: 1.0
References: <1562066494-25411-1-git-send-email-jananeex.m.parthasarathy@intel.com>
In-Reply-To: <1562066494-25411-1-git-send-email-jananeex.m.parthasarathy@intel.com>
From: David Marchand <david.marchand@redhat.com>
Date: Tue, 2 Jul 2019 13:46:12 +0200
Message-ID: <CAJFAV8yWB_d_av2y2qU7KMqynEymxRgU_iydY2oskivaGZz3XA@mail.gmail.com>
To: Jananee Parthasarathy <jananeex.m.parthasarathy@intel.com>
Cc: dev <dev@dpdk.org>, "Pattan, Reshma" <reshma.pattan@intel.com>, 
 Cristian Dumitrescu <cristian.dumitrescu@intel.com>, 
 "Singh, Jasvinder" <jasvinder.singh@intel.com>, dpdk stable <stable@dpdk.org>
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [dpdk-dev] [PATCH] lib/table: fix table autotest ut crashes in
	ipv6
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On Tue, Jul 2, 2019 at 1:22 PM Jananee Parthasarathy <
jananeex.m.parthasarathy@intel.com> wrote:

> Unit test table_autotest results in segmentation fault.
> Crash occurs in test_table_lpm_ipv6_combined().
>
> Variable 'nht_pos0' used as array subscript is not initialized
> in rte_table_lpm_ipv6_entry_add(). It will not be assigned,
> if a rule does not exist.
>
> In such case a junk number or invalid array index might result in
> segmentation fault due to array out of bounds when
> lpm->nht_users is used with such invalid array index.
>
> Fix is to initialize the variables used for array subscript.
>
>
Bugzilla ID: 285

Fixes: d89a5bce1d ("lpm6: extend next hop field")
> Cc: stable@dpdk.org
>
> Signed-off-by: Jananee Parthasarathy <jananeex.m.parthasarathy@intel.com>
> ---
>  lib/librte_table/rte_table_lpm_ipv6.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_table/rte_table_lpm_ipv6.c
> b/lib/librte_table/rte_table_lpm_ipv6.c
> index a55f808a4..4e068d79b 100644
> --- a/lib/librte_table/rte_table_lpm_ipv6.c
> +++ b/lib/librte_table/rte_table_lpm_ipv6.c
> @@ -182,7 +182,7 @@ rte_table_lpm_ipv6_entry_add(
>         struct rte_table_lpm_ipv6 *lpm = table;
>         struct rte_table_lpm_ipv6_key *ip_prefix =
>                 key;
> -       uint32_t nht_pos, nht_pos0, nht_pos0_valid;
> +       uint32_t nht_pos = 0, nht_pos0 = 0, nht_pos0_valid = 0;
>
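
Review bot: on the changed declaration line, `nht_pos0 = 0` only replaces an indeterminate subscript with the fixed value 0; by the commit message's own description nht_pos0 is still not assigned when the rule does not exist, so any later use of it as an index into lpm->nht_users would then touch entry 0 instead of a junk offset. The hunk does not show that use site. If the access is not already conditional on nht_pos0_valid, add that guard rather than relying on the initializer, so the no-existing-rule path never indexes the array at all. The commit message also justifies only nht_pos0; either explain why nht_pos and nht_pos0_valid need an initializer as well or limit the change to the variable that can be read unassigned.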

nht_pos_valid is unconditionally set, no need to initialize.
Just noticed that nht_pos is not initialised to 0 in ipv4 code.

It fixes the segfault I saw, leaving the ack to the maintainer.
Tested-by: David Marchand <david.marchand@redhat.com>

-- 
David Marchand