From: 0-day Robot <robot@bytheb.org>
To: test-report@dpdk.org, Stephen Hemminger <stephen@networkplumber.org>
Subject: |SUCCESS| pw159226 [PATCH v5 15/17] ethdev: avoid possible overflow in xstat names
Date: Tue, 16 Dec 2025 11:12:30 -0500 [thread overview]
Message-ID: <20251216161230.762636-1-robot@bytheb.org> (raw)
In-Reply-To: <20251207191242.165619-16-stephen@networkplumber.org>
Test-Label: 0day Robot - Claude SONNET
Test-Status: SUCCESS
http://dpdk.org/patch/159226
_AI Review Comments Available_
**TodoWrite Items:**
- [x] git sha of the commit: (from patch series v5 15/17)
- [x] Author: Stephen Hemminger <stephen@networkplumber.org>
- [x] One line subject: ethdev: avoid possible overflow in xstat names
- [x] Brief summary of the commit
- [x] Unified diff of the commit, quoted as email reply
- [x] Questions about regressions placed alongside relevant code
- [x] Snipped portions of quoted content unrelated to review
- [x] Check every hunk for relevance to review comments
- [x] Retain necessary diff headers
- [x] Replace snipped content with [ ... ]
- [x] Only keep quoted material needed for review to make sense
---
Author: Stephen Hemminger <stephen@networkplumber.org>
Subject: ethdev: avoid possible overflow in xstat names
This commit adds overflow checking to snprintf operations when
constructing ethernet device statistic names. It replaces silent
truncation with explicit error logging when statistic names exceed
the available buffer space.
> diff --git a/lib/ethdev/rte_ethdev.c b/lib/ethdev/rte_ethdev.c
> index c6fe0d5165..05de3335e5 100644
> --- a/lib/ethdev/rte_ethdev.c
> +++ b/lib/ethdev/rte_ethdev.c
> @@ -3489,9 +3489,10 @@ eth_basic_stats_get_names(struct rte_eth_dev *dev,
> uint16_t num_q;
>
> for (idx = 0; idx < RTE_NB_STATS; idx++) {
> - strlcpy(xstats_names[cnt_used_entries].name,
> - eth_dev_stats_strings[idx].name,
> - sizeof(xstats_names[0].name));
> + if (strlcpy(xstats_names[cnt_used_entries].name, eth_dev_stats_strings[idx].name,
> + sizeof(xstats_names[0].name)) >= sizeof(xstats_names[0].name))
> + RTE_ETHDEV_LOG_LINE(ERR, "statistic name '%s' will be truncated",
> + xstats_names[cnt_used_entries].name);
Does this error message print the correct value? After strlcpy truncates
the source string, xstats_names[cnt_used_entries].name contains the
truncated version rather than the original problematic string from
eth_dev_stats_strings[idx].name.
> @@ -3501,10 +3502,17 @@ eth_basic_stats_get_names(struct rte_eth_dev *dev,
> num_q = RTE_MIN(dev->data->nb_rx_queues, RTE_ETHDEV_QUEUE_STAT_CNTRS);
> for (id_queue = 0; id_queue < num_q; id_queue++) {
> for (idx = 0; idx < RTE_NB_RXQ_STATS; idx++) {
> - snprintf(xstats_names[cnt_used_entries].name,
> - sizeof(xstats_names[0].name),
> - "rx_q%u_%s",
> - id_queue, eth_dev_rxq_stats_strings[idx].name);
> + unsigned int cc;
> +
> + cc = snprintf(xstats_names[cnt_used_entries].name,
> + sizeof(xstats_names[0].name),
> + "rx_q%u_%s",
> + id_queue, eth_dev_rxq_stats_strings[idx].name);
> +
> + /* could only happen if a long string was added */
> + if (cc >= sizeof(xstats_names[0].name))
> + RTE_ETHDEV_LOG_LINE(ERR, "truncated rxq stat string '%s'",
> + eth_dev_rxq_stats_strings[idx].name);
Should this error message include the queue ID to help identify which
specific queue statistic caused the truncation? The current message
only shows the base statistic name without the queue context.
> @@ -3512,10 +3520,15 @@ eth_basic_stats_get_names(struct rte_eth_dev *dev,
> num_q = RTE_MIN(dev->data->nb_tx_queues, RTE_ETHDEV_QUEUE_STAT_CNTRS);
> for (id_queue = 0; id_queue < num_q; id_queue++) {
> for (idx = 0; idx < RTE_NB_TXQ_STATS; idx++) {
> - snprintf(xstats_names[cnt_used_entries].name,
> - sizeof(xstats_names[0].name),
> - "tx_q%u_%s",
> - id_queue, eth_dev_txq_stats_strings[idx].name);
> + unsigned int cc;
> +
> + cc = snprintf(xstats_names[cnt_used_entries].name,
> + sizeof(xstats_names[0].name),
> + "tx_q%u_%s",
> + id_queue, eth_dev_txq_stats_strings[idx].name);
> + if (cc >= sizeof(xstats_names[0].name))
> + RTE_ETHDEV_LOG_LINE(ERR, "truncated txq stat string '%s'",
> + eth_dev_txq_stats_strings[idx].name);
Would it be more consistent to include the same comment about "could
only happen if a long string was added" here as in the rx queue
handling above?
prev parent reply other threads:[~2025-12-16 16:12 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20251205022948.327743-1-stephen@networkplumber.org>
[not found] ` <20251207191242.165619-1-stephen@networkplumber.org>
[not found] ` <20251207191242.165619-13-stephen@networkplumber.org>
2025-12-07 19:15 ` |SUCCESS| pw159223 [PATCH v5 12/17] eal: check for hugefile path overflow checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-11-stephen@networkplumber.org>
2025-12-07 19:16 ` |SUCCESS| pw159221 [PATCH v5 10/17] eal: add check for sysfs " checkpatch
2025-12-16 16:12 ` |SUCCESS| pw159221 " 0-day Robot
[not found] ` <20251207191242.165619-8-stephen@networkplumber.org>
2025-12-07 19:17 ` |SUCCESS| pw159218 [PATCH v5 07/17] efd: handle possible name truncation checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-7-stephen@networkplumber.org>
2025-12-07 19:17 ` |WARNING| pw159217 [PATCH v5 06/17] telemetry: avoid possible string overflow checkpatch
2025-12-16 16:12 ` |SUCCESS| " 0-day Robot
[not found] ` <20251207191242.165619-5-stephen@networkplumber.org>
2025-12-07 19:17 ` |SUCCESS| pw159215 [PATCH v5 04/17] graph: avoid overflowing comment buffer checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-2-stephen@networkplumber.org>
2025-12-07 19:17 ` |SUCCESS| pw159212 [PATCH v5 01/17] eal: use C library to parse filesystem table checkpatch
2025-12-16 16:11 ` 0-day Robot
[not found] ` <20251207191242.165619-18-stephen@networkplumber.org>
2025-12-07 18:47 ` |SUCCESS| pw159212-159228 [PATCH v5 17/17] lib: enable format overflow warnings qemudev
2025-12-07 18:54 ` |FAILURE| " qemudev
2025-12-07 19:19 ` |SUCCESS| pw159228 " checkpatch
2025-12-07 20:59 ` |FAILURE| " 0-day Robot
2025-12-08 10:39 ` |FAILURE| pw159212-159228 [PATCH] [v5,17/17] lib: enable format over dpdklab
2025-12-08 10:43 ` dpdklab
2025-12-08 10:44 ` |WARNING| " dpdklab
2025-12-08 10:45 ` |PENDING| " dpdklab
2025-12-08 10:45 ` |SUCCESS| " dpdklab
2025-12-08 10:45 ` |FAILURE| " dpdklab
2025-12-08 10:47 ` dpdklab
2025-12-08 10:47 ` |SUCCESS| " dpdklab
2025-12-08 10:48 ` |FAILURE| " dpdklab
2025-12-08 10:51 ` |WARNING| " dpdklab
2025-12-08 11:02 ` |SUCCESS| " dpdklab
2025-12-08 11:02 ` |FAILURE| " dpdklab
2025-12-08 11:03 ` |SUCCESS| " dpdklab
2025-12-08 11:12 ` dpdklab
2025-12-08 11:12 ` |FAILURE| " dpdklab
2025-12-08 11:15 ` dpdklab
2025-12-08 11:22 ` |WARNING| " dpdklab
2025-12-08 11:24 ` |FAILURE| " dpdklab
2025-12-08 14:29 ` dpdklab
2025-12-08 16:06 ` dpdklab
2025-12-10 4:01 ` dpdklab
2025-12-10 4:17 ` dpdklab
2025-12-16 1:28 ` dpdklab
2025-12-16 16:12 ` |SUCCESS| pw159228 [PATCH v5 17/17] lib: enable format overflow warnings 0-day Robot
2025-12-16 23:31 ` |SUCCESS| pw159212-159228 [PATCH] [v5,17/17] lib: enable format over dpdklab
2025-12-16 23:38 ` |WARNING| " dpdklab
2025-12-16 23:39 ` |SUCCESS| " dpdklab
2025-12-16 23:43 ` |FAILURE| " dpdklab
2025-12-16 23:49 ` |SUCCESS| " dpdklab
2025-12-16 23:59 ` |FAILURE| " dpdklab
2025-12-17 0:09 ` |WARNING| " dpdklab
[not found] ` <20251207191242.165619-17-stephen@networkplumber.org>
2025-12-07 19:19 ` |SUCCESS| pw159227 [PATCH v5 16/17] vhost: check for overflow in xstat name checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-3-stephen@networkplumber.org>
2025-12-16 16:12 ` |SUCCESS| pw159213 [PATCH v5 02/17] lpm: restrict name size 0-day Robot
[not found] ` <20251207191242.165619-4-stephen@networkplumber.org>
2025-12-16 16:12 ` |SUCCESS| pw159214 [PATCH v5 03/17] hash: add checks for hash name length 0-day Robot
[not found] ` <20251207191242.165619-6-stephen@networkplumber.org>
2025-12-07 19:17 ` |SUCCESS| pw159216 [PATCH v5 05/17] latencystats: add check for string overflow checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-9-stephen@networkplumber.org>
2025-12-07 19:16 ` |SUCCESS| pw159219 [PATCH v5 08/17] eal: warn if thread name is truncated checkpatch
2025-12-16 16:12 ` |SUCCESS| pw169219 " 0-day Robot
[not found] ` <20251207191242.165619-10-stephen@networkplumber.org>
2025-12-07 19:16 ` |SUCCESS| pw159220 [PATCH v5 09/17] eal: avoid format overflow when handling addresses checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-12-stephen@networkplumber.org>
2025-12-07 19:16 ` |SUCCESS| pw159222 [PATCH v5 11/17] eal: limit maximum runtime directory and socket paths checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-14-stephen@networkplumber.org>
2025-12-07 19:14 ` |SUCCESS| pw159224 [PATCH v5 13/17] eal: check tailq length checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-15-stephen@networkplumber.org>
2025-12-07 19:13 ` |SUCCESS| pw159225 [PATCH v5 14/17] eal: handle long shared library path checkpatch
2025-12-16 16:12 ` 0-day Robot
[not found] ` <20251207191242.165619-16-stephen@networkplumber.org>
2025-12-07 19:19 ` |SUCCESS| pw159226 [PATCH v5 15/17] ethdev: avoid possible overflow in xstat names checkpatch
2025-12-16 16:12 ` 0-day Robot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251216161230.762636-1-robot@bytheb.org \
--to=robot@bytheb.org \
--cc=stephen@networkplumber.org \
--cc=test-report@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).