From: bugzilla@dpdk.org
To: dev@dpdk.org
Date: Thu, 17 Dec 2020 08:27:37 +0000
Subject: [dpdk-dev] [Bug 603] The variable drivers/regex/octeontx2/otx2_regexdev.c:pci_id_ree_table is not initialized, which will cause the global variable to overflow, which is a security risk.

https://bugs.dpdk.org/show_bug.cgi?id=603

            Bug ID: 603
           Summary: The variable
                    drivers/regex/octeontx2/otx2_regexdev.c:pci_id_ree_table
                    is not initialized, which will cause the global
                    variable to overflow, which is a security risk.
           Product: DPDK
           Version: 20.08
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: ethdev
          Assignee: dev@dpdk.org
          Reporter: zhihongx.peng@intel.com
  Target Milestone: ---

pci_id_ree_table needs to be initialized as:

    static struct rte_pci_id pci_id_ree_table[] = {
        {
            RTE_PCI_DEVICE(PCI_VENDOR_ID_CAVIUM,
                           PCI_DEVID_OCTEONTX2_RVU_REE_PF)
        },
        {
            .vendor_id = 0, /* sentinel */
        },
    };

Test steps:

1. Compile with the option -Db_sanitize=address:

    CC=gcc meson --werror -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug -Db_sanitize=address --default-library=static x86_64-native-linuxapp-gcc
    ninja -C x86_64-native-linuxapp-gcc -j 55

2. Start dpdk-testpmd:

    ./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0x6 -n 4 -- -i

3. A global-buffer-overflow:

    ==42285==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5585c5a18e70 at pc 0x5585c05b0c2d bp 0x7fff3eafa280 sp 0x7fff3eafa270
    READ of size 2 at 0x5585c5a18e70 thread T0
        #0 0x5585c05b0c2c in rte_pci_match ../drivers/bus/pci/pci_common.c:132
        #1 0x5585c05b0c8c in rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:177
        #2 0x5585c05b19c0 in pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:318
        #3 0x5585c05b1a67 in pci_probe ../drivers/bus/pci/pci_common.c:345

-- 
You are receiving this mail because:
You are the assignee for the bug.
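
Added example, not part of the original report and not DPDK code: a bounded check that an ID table ends in the zero sentinel, next to a sentinel-driven match walk of the kind the ASan trace points at in rte_pci_match. The struct, the function names, and the ID values are hypothetical stand-ins, and the walk assumes matching stops at vendor_id == 0, as the "sentinel" comment in the report implies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for struct rte_pci_id (assumption, not DPDK's type). */
struct pci_id {
    uint16_t vendor_id;
    uint16_t device_id;
};

#define EX_VENDOR 0x1234 /* constructed sample IDs */
#define EX_DEVICE 0x5678
#define TABLE_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* Table as a driver should declare it: last entry is the zero sentinel. */
static const struct pci_id good_table[] = {
    { .vendor_id = EX_VENDOR, .device_id = EX_DEVICE },
    { .vendor_id = 0 }, /* sentinel */
};

/* Same table with the sentinel forgotten, as in the reported bug. */
static const struct pci_id bad_table[] = {
    { .vendor_id = EX_VENDOR, .device_id = EX_DEVICE },
};

/* Bounded check: returns 1 if the last element is the sentinel.
 * Uses the known length, so it never reads past the array. */
static int table_is_terminated(const struct pci_id *t, size_t n)
{
    return n > 0 && t[n - 1].vendor_id == 0;
}

/* Sentinel-driven walk: stops only on vendor_id == 0. A device that
 * matches no entry runs to the end, so the table must be terminated. */
static int table_matches(const struct pci_id *t, uint16_t ven, uint16_t dev)
{
    for (; t->vendor_id != 0; t++)
        if (t->vendor_id == ven && t->device_id == dev)
            return 1;
    return 0;
}

int main(void)
{
    printf("good terminated: %d\n", table_is_terminated(good_table, TABLE_LEN(good_table)));
    printf("bad terminated:  %d\n", table_is_terminated(bad_table, TABLE_LEN(bad_table)));
    /* Only walk tables that passed the bounded check. */
    printf("match:    %d\n", table_matches(good_table, EX_VENDOR, EX_DEVICE));
    printf("no match: %d\n", table_matches(good_table, EX_VENDOR, 0x0001));
    return 0;
}
```

The non-matching lookup is the case that matters: with a terminated table it stops at the sentinel, while the same walk over bad_table would read beyond the global array, which is the READ of size 2 that AddressSanitizer flags.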