From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BC063A0548; Mon, 26 Apr 2021 17:08:22 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 390FF41110; Mon, 26 Apr 2021 17:08:22 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mails.dpdk.org (Postfix) with ESMTP id B3D4841104 for ; Mon, 26 Apr 2021 17:08:19 +0200 (CEST) IronPort-SDR: 0IzC/fY7bDAi3oBhTd1y2vrgah5a8ypTJGIzSHdejOfUDDFgmfOTc8IOPDT8/GmdUj83a88E92 BHIB+6vgu8EA== X-IronPort-AV: E=McAfee;i="6200,9189,9966"; a="196409336" X-IronPort-AV: E=Sophos;i="5.82,252,1613462400"; d="scan'208";a="196409336" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Apr 2021 08:08:16 -0700 IronPort-SDR: KjKUqCQmoHbfxebO7Uo5QnVMP9yf1m6vK56s1V0kdDL9CobjcJH3Gdrvg+G8BsGIBLPgHFpH85 k5TFLvbM2k7A== X-IronPort-AV: E=Sophos;i="5.82,252,1613462400"; d="scan'208";a="429426649" Received: from fyigit-mobl1.ger.corp.intel.com (HELO [10.213.241.96]) ([10.213.241.96]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Apr 2021 08:08:15 -0700 To: "Min Hu (Connor)" , dev@dpdk.org References: <1619083366-63417-1-git-send-email-humin29@huawei.com> From: Ferruh Yigit X-User: ferruhy Message-ID: Date: Mon, 26 Apr 2021 16:08:11 +0100 MIME-Version: 1.0 In-Reply-To: <1619083366-63417-1-git-send-email-humin29@huawei.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH] bonding: fix overflow check X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 4/22/2021 10:22 AM, Min Hu (Connor) wrote: > Buffer 'test_params->slave_port_ids' of size 6 accessed may > overflow, since its index 'i' can have value be is out of range. > > This patch fixed it. > > Fixes: 92073ef961ee ("bond: unit tests") > Cc: stable@dpdk.org > > Signed-off-by: Min Hu (Connor) > --- > app/test/test_link_bonding.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c > index 8a5c831..b5a6042 100644 > --- a/app/test/test_link_bonding.c > +++ b/app/test/test_link_bonding.c > @@ -2216,7 +2216,8 @@ test_activebackup_rx_burst(void) > "failed to get primary slave for bonded port (%d)", > test_params->bonded_port_id); > > - for (i = 0; i < test_params->bonded_slave_count; i++) { > + for (i = 0; i < test_params->bonded_slave_count && > + i < TEST_MAX_NUMBER_OF_PORTS; i++) { > /* Generate test bursts of packets to transmit */ > TEST_ASSERT_EQUAL(generate_test_burst( > &gen_pkt_burst[0], burst_size, 0, 1, 0, 0, 0), > Hi Connor, There is nothing wrong with the check you add, but at first place how 'test_params->bonded_slave_count' can become bigger than 'TEST_MAX_NUMBER_OF_PORTS'? Should we fix there, instead of this loop? Also in same function, there are a few more loops iterate until " < test_params->bonded_slave_count", so fixing the root case works for them too.