From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dariuszx.stojaczyk@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by dpdk.org (Postfix) with ESMTP id B48B714EC
 for <dev@dpdk.org>; Thu, 11 May 2017 14:32:43 +0200 (CEST)
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 11 May 2017 05:32:42 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.38,324,1491289200"; d="scan'208";a="100751265"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by fmsmga006.fm.intel.com with ESMTP; 11 May 2017 05:32:41 -0700
Received: from hasmsx106.ger.corp.intel.com (10.184.198.20) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 11 May 2017 05:32:41 -0700
Received: from hasmsx105.ger.corp.intel.com ([169.254.1.38]) by
 HASMSX106.ger.corp.intel.com ([169.254.2.229]) with mapi id 14.03.0319.002;
 Thu, 11 May 2017 15:32:39 +0300
From: "Stojaczyk, DariuszX" <dariuszx.stojaczyk@intel.com>
To: Jens Freimann <jfreiman@redhat.com>
CC: "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [dpdk-dev] [PATCH v2 1/3] vhost: fix malloc in
 rte_vhost_get_mem_table
Thread-Index: AQHSyieaqNyeVLi0XkKIjvDpPGTo26Hu0LQAgAA6AzA=
Date: Thu, 11 May 2017 12:32:38 +0000
Message-ID: <FBE7E039FA50BF47A673AD0BD3CD56A8A7282C@HASMSX105.ger.corp.intel.com>
References: <1494498209-77217-1-git-send-email-dariuszx.stojaczyk@intel.com>
 <1494500208-78788-1-git-send-email-dariuszx.stojaczyk@intel.com>
 <20170511114222.y7r2ifehoxej3iu5@dhcp-192-218.str.redhat.com>
In-Reply-To: <20170511114222.y7r2ifehoxej3iu5@dhcp-192-218.str.redhat.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 10.0.102.7
dlp-reaction: no-action
x-originating-ip: [10.184.70.10]
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dpdk-dev] [PATCH v2 1/3] vhost: fix malloc in
 rte_vhost_get_mem_table
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2017 12:32:44 -0000

The size variable is still used a few lines later:
memcpy(m->regions, dev->mem->regions, size);
That line is ok. Only the amount of malloc'ed memory was too small.

-----Original Message-----
From: Jens Freimann [mailto:jfreiman@redhat.com] =

Sent: Thursday, May 11, 2017 1:42 PM
To: Stojaczyk, DariuszX <dariuszx.stojaczyk@intel.com>
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v2 1/3] vhost: fix malloc in rte_vhost_get_m=
em_table

On Thu, May 11, 2017 at 12:56:46PM +0200, Dariusz Stojaczyk wrote:
> Amount of allocated memory was too small, causing buffer overflow.
> =

> Signed-off-by: Dariusz Stojaczyk <dariuszx.stojaczyk@intel.com>
> ---
> Removed Gerrit Change-Id
>  lib/librte_vhost/vhost.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> =

> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index =

> 0b19d2e..1f565fb 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -369,7 +369,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_mem=
ory **mem)
>  		return -1;
>  =

>  	size =3D dev->mem->nregions * sizeof(struct rte_vhost_mem_region);
> -	m =3D malloc(size);
> +	m =3D malloc(sizeof(struct rte_vhost_memory) + size);

Why not just add it to the line above where size is calculated?
With that changed,

Reviewed-by: Jens Freimann <jfreimann@redhat.com> =



regards,
Jens

--------------------------------------------------------------------

Intel Technology Poland sp. z o.o.
ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydz=
ial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-31=
6 | Kapital zakladowy 200.000 PLN.

Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata=
 i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wi=
adomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiek=
olwiek
przegladanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the s=
ole use of the intended recipient(s). If you are not the intended recipient=
, please contact the sender and delete all copies; any review or distributi=
on by
others is strictly prohibited.