* [DPDK/ethdev Bug 1791] cnxk driver reference past requested xstat array
@ 2025-09-23 14:05 bugzilla
0 siblings, 0 replies; only message in thread
From: bugzilla @ 2025-09-23 14:05 UTC (permalink / raw)
To: dev
[-- Attachment #1: Type: text/plain, Size: 1446 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1791
Bug ID: 1791
Summary: cnxk driver reference past requested xstat array
Product: DPDK
Version: 25.07
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: stephen@networkplumber.org
Target Milestone: ---
Because the cnxk driver ignores the limit arguement in some functions such as
xstat_names_get(). If the application asks for only some of the values in the
xstats then an out of bounds reference is possible.
Something like:
struct rte_esth_xstat_name names[20];
rte_eth_xstat_get_names(port_id, names, 20);
will cause out of bound array reference down here:
int
roc_nix_xstats_names_get(struct roc_nix *roc_nix,
struct roc_nix_xstat_name *xstats_names,
unsigned int limit)
{
struct nix *nix = roc_nix_to_nix_priv(roc_nix);
struct idev_cfg *idev = idev_get_cfg();
uint64_t i, count = 0;
PLT_SET_USED(limit);
for (i = 0; i < CNXK_NIX_NUM_TX_XSTATS; i++) {
NIX_XSTATS_NAME_PRINT(xstats_names, count, nix_tx_xstats, i);
count++;
}
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 3325 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-09-23 14:05 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-23 14:05 [DPDK/ethdev Bug 1791] cnxk driver reference past requested xstat array bugzilla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).