From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9C253488FE for ; Fri, 10 Oct 2025 13:17:01 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7639F40285; Fri, 10 Oct 2025 13:17:01 +0200 (CEST) Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by mails.dpdk.org (Postfix) with ESMTP id AFB7F4027A for ; Fri, 10 Oct 2025 13:16:59 +0200 (CEST) Received: from pps.filterd (m0246629.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 59A8tacC032063 for ; Fri, 10 Oct 2025 11:16:58 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=cc :content-type:date:from:message-id:mime-version:subject:to; s= corp-2025-04-25; bh=3yinDOwiLF0jenstW4zFKibLO97g6httB/p3DVllTSQ=; b= bAc3evH7C/szEtpJ9XKy6u4C+DJrdoT/+xvlEeSJZqAiVBg6qIbbBEzZqm3e0U2e uXhC4FWTX4cF/KIWc+lRKuvgWL2H+YP6pXkKDeozmprkDVejKSms+sU3O/bzhCuv ZapcP+/Q+AvGLLPQULXi1DoCU0Xl8l+zw1bAFfhRRxI6uvVkYhrw4Q33CFlEH/vm gU0ITh4fmkEgkG1LCtNLBJjK16iVM0VJgUKaCalZPLS46zrCo/2yELc37kq2yj4/ iTwv44lBQ1S5EePulEWEeLmgLJ1fiZZr63Rfc8sSxjMohpm9T7DgQ5PmQUrdIQE1 D8ma5KxTu6EMCz1YVn6oxw== Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 49nv6bug45-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 10 Oct 2025 11:16:58 +0000 (GMT) Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 59A9XcFL014386 for ; Fri, 10 Oct 2025 11:16:58 GMT Received: from bn1pr04cu002.outbound.protection.outlook.com (mail-eastus2azon11010016.outbound.protection.outlook.com [52.101.56.16]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 49nv68kcqx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 10 Oct 2025 11:16:57 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=l+hgLXQ7GNQhTLLUVXlU5kwjOtGOSw5szsLjPzqeo2EHf0kDS4ELdAipzNxEiZvpqxUgkXW2sxwNawTJumxhGZw7lo+18beJUs6gY34iIu+1Todj7ZvGI7x3/oV8vP9riMeBuAtGg5ua+UkDo742m/nj9n6cvipF6mwqLQ7yZ9D3lhewHYxzdlwfpIqYCxpSdmz0hMe6AChCodtCPfUjomwtElyfEl7DokmKbRq3xIKB/Al/jCabKsU3B2q3yqazhk3JDpT0H4ZSFi+xqXg5nbS9eiLzrMf1Sdfui9HCr/ZD5SYhTHlpvZ/ruGrvHK/qkTucx+TuuRcwvOQB8RsELA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3yinDOwiLF0jenstW4zFKibLO97g6httB/p3DVllTSQ=; b=ZpbunSkfJmy0I85mr/0E2tFBi/BQdqdjcd2EtizXIKYKwHLxpgBOW2gTocv7OI7c+OGgpuS6NfGPvjQSx4HV6TQINuiKuD5PzPSXGlAd3fmlidmGuIATFzH5n95b913gEftaibEx65GEzD3Ng5ZzC6g4NZKIp3JlH/qqSf3mL39jvDEZZol+gXUCEsU5QZqxEzs0wNJ5Qz2pmKWOcGpmmJJRpBfvtmsNb2+KumPtmKFQG0pul/MPztaOMdj/Z3PTrdJQl2+aYeU1LHzwh0P0JpWswquXwpgUaBEx/t22VsYOU8AlqOay085K8SSy/UpaVDM09qTfJpY0e5vsAYrYJw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3yinDOwiLF0jenstW4zFKibLO97g6httB/p3DVllTSQ=; b=NvTd7xRlEn9hzn06Okkrhupd1O46VtVsayMqPjcjXLJJKa5jpUCakOIbxrcRrBomwP11D2r1MYjV2cQuFLMAvTePMmBRRTLJaxM/ZuQYyIXuktfc0069Ll5bSBwUUGffCu9KMCs89+G91PkWoDvb0/uwcVsfF8Mrhr/SeEUaH3Q= Received: from DM6PR10MB4124.namprd10.prod.outlook.com (2603:10b6:5:218::18) by CO1PR10MB4674.namprd10.prod.outlook.com (2603:10b6:303:9c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9203.10; Fri, 10 Oct 2025 11:16:55 +0000 Received: from DM6PR10MB4124.namprd10.prod.outlook.com ([fe80::b254:4bfb:b53:233b]) by DM6PR10MB4124.namprd10.prod.outlook.com ([fe80::b254:4bfb:b53:233b%5]) with mapi id 15.20.9203.009; Fri, 10 Oct 2025 11:16:55 +0000 From: NAGENDRA BALAGANI To: "users@dpdk.org" CC: Kapil Kumar Jain Subject: Clarification on Possible Buffer Overflow Issues Reported by Fortify Tool Thread-Topic: Clarification on Possible Buffer Overflow Issues Reported by Fortify Tool Thread-Index: AQHcOdZJsRYYCYExW0qLlud4K8SVcg== Date: Fri, 10 Oct 2025 11:16:54 +0000 Message-ID: Accept-Language: en-US Content-Language: en-IN X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_a4de43ec-192a-49eb-8e54-baeb8c71bbbe_Enabled=True; MSIP_Label_a4de43ec-192a-49eb-8e54-baeb8c71bbbe_SiteId=4e2c6054-71cb-48f1-bd6c-3a9705aca71b; MSIP_Label_a4de43ec-192a-49eb-8e54-baeb8c71bbbe_SetDate=2025-10-10T11:09:03.8792734Z; MSIP_Label_a4de43ec-192a-49eb-8e54-baeb8c71bbbe_Name=Confidential ; MSIP_Label_a4de43ec-192a-49eb-8e54-baeb8c71bbbe_ContentBits=3; MSIP_Label_a4de43ec-192a-49eb-8e54-baeb8c71bbbe_Method=Standard x-ms-reactions: allow x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DM6PR10MB4124:EE_|CO1PR10MB4674:EE_ x-ms-office365-filtering-correlation-id: 3032a2bb-9ce5-4258-dd2f-08de07ee851a x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; ARA:13230040|1800799024|366016|376014|38070700021|8096899003|13003099007; x-microsoft-antispam-message-info: =?us-ascii?Q?ux6BIyzonEpJhJqrBYDBBml7IK1+1xRf8q2shvpcSiJm1P9BddiUdLE8oA4S?= =?us-ascii?Q?+tQoprNLNJzOWgs2EDbW2gTVJWnV4MSxhx9F3ZVXhT+E9qyiaIeN3D5Rd3ai?= =?us-ascii?Q?PZL0lVNJO2NUGQspwSzMIp0k1cWl0Iyom+xncMTpsdMM+bzfiFRcQN41s2Wr?= =?us-ascii?Q?OZ/oqh6AB6hMNJ7PRIhdxTSYR6e05mMiaQGbXfhrW6qIdz4rkKq2YCoEg3lC?= =?us-ascii?Q?uUeaygtOulEZeeFI6lCdvRgJ+EfonxKgQ2cEM5tTbibmHMsw4lKmsuou/9A8?= =?us-ascii?Q?Xsscww/GtD0ahqTCBG9NdFvdD059XeMSM34l0IUUOhMg77ZldRk+w3XRETXc?= =?us-ascii?Q?hs8CiwOo5/9XneYwmcfzqShsyLgafyYYbJiAZNeBEKlZpZ5EIASI2KcnIwIX?= =?us-ascii?Q?6RdJk7sBD6X8QtPW2pOVE4kg/gbGyr/DDQHqGOq8j6XvBzV3B10x8SfmpW3t?= =?us-ascii?Q?YJPm3/ZrkhptOn8Gnrg8SbCEOelsB+hjwnyO+bPFLOQKHhKUumI8yOEslxrF?= =?us-ascii?Q?h1xFd91VmFeXtpnZvgnnI6dsIAGXh5MwlOzpvp46kT7VmfXYcIiF6isjwwlH?= =?us-ascii?Q?/r4W9+gZ+u/NHKWvOZ3SB/PyH8i2dIEiWnGfjxycWkNS2xfBcJNE4JjvjPu5?= =?us-ascii?Q?zVk6SLrFHbzfllfq/0fJDk2xjr2ewOC7bWAZ3zLD6q83wRuDwaz5PWCx4DNu?= =?us-ascii?Q?RlFJj9qrmtyB36UKs2DZJcFoHT5qSD1HwzAt72Xm3zCxG0UVZfMa4tMJfvMZ?= =?us-ascii?Q?EPuIZJyBpfH+mhyN1UzwlP1hJ92bVKadTxN3rWUufTlrF3pTH7cVU1ThLkoj?= =?us-ascii?Q?eZ1uf2lGDLrtVWV7EAeTn7R8d6dIDOG5W6W8X/FwRdGBOo6+myrt8WkSjTjO?= =?us-ascii?Q?Crral+13mTI6BCF+/1dOVRqOPmyZOgzoI3y2YgVRiWUSCPzpmnbFdZsNkOVr?= =?us-ascii?Q?fzmxuNzzUUAqvtlYLm0lkaNAZGf0N+DF++w9nM1rUF2Pl4SIGl8blVHLNtUG?= =?us-ascii?Q?JIoF83I6+ZCs4paIygxNBAFLNahaVinKOWKywvpsE11aw7p0RJ+SeUo+g3XB?= =?us-ascii?Q?K6OMlS/egDhzGpteWTAooxNxg0glMOQ/zQUaFFcIeguf/07egUpcww6K5tlq?= =?us-ascii?Q?azSFEzhnZETg3ItcLe8PMZSZbgp5Dec28lcCbFajSbtc+psPDQfQFdYyaQhj?= =?us-ascii?Q?+ZP+l/BuD4GP/yUjRsh6MbdRj17Q5p9zQrJiyBjKZCZqtC261ankcZe/a7wg?= =?us-ascii?Q?XlEEoHfOXNjLw4U0c4PMhRdaV8/By5VXc32sLDBuyEkDxjoKYHdY6jjsk70F?= =?us-ascii?Q?uXvhWJYRVaa5FawLpdkmk/Nh1NfGQQ7/e6ZQKTbHCSrZPcQxECkNmlMXB4yX?= =?us-ascii?Q?sFnat5+Ljy42Sp576iag8Pw46laEyaDVz5Zd919lcAwo8LEWY5K4SIs26Boe?= =?us-ascii?Q?ADUNTX23ch0Q8RRASSuex9e2/jkXQhygib9AsON36Ssdp37rrENoxA=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR10MB4124.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(1800799024)(366016)(376014)(38070700021)(8096899003)(13003099007); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?1fs3kOmWSnsGZicv98OMdlH5MA5fjM25ZX+oWI4jGOdyooKvNTFMPkQn+44e?= =?us-ascii?Q?xmKUGRyI/9mwZnUm4S3ciyJoHFTlALZrkQxJHb5/5e9Vj0LquPqCoudqVC9E?= =?us-ascii?Q?/nHRNX4BFUcoDck/zWqns/dlFJbCmqEXjwGqZOTpVn8WiexcZzqOBThar9an?= =?us-ascii?Q?HQ5mdue7/NmQ1BWmRU7V97OcEXUQFEaF1MKrCep0KuOnswbHhx4wSgoq39Et?= =?us-ascii?Q?UjEXYGJmmD18ah3e6AeuZbzQWbZOUwnIUkKzthdLRfpCAf3k+Xcdsnc5QmMD?= =?us-ascii?Q?oim0BkS5G/v1s+QJN0t10dxGFTBH9AL57iXkXYNFdxeVf3QbAbAEph7/GylS?= =?us-ascii?Q?7B3IXtJx4F8mkFXVNgDK0T2kMZJXg/234VHYtvtU/1nOQ9GKLfyvsYUGmmZv?= =?us-ascii?Q?zX19d4LI7GRTQ+bwMlT/PEHhNDwojORdim/pInjz2HURbhWZtJH11ekjRABx?= =?us-ascii?Q?TQjWN4eBpVMSSBkVD1ulz50HrUNuiMh/JqMsHY5/Cb6mrOTqBIRsbjFhes8u?= =?us-ascii?Q?tFeh+4SEvL96ZuTcgtfMgA8rDyShYSPMxhfjipuqUg3UrQ9zZbdA5SK5kjZ7?= =?us-ascii?Q?8ksDx/51dhB4gcD+mul5+16U0uI+5LLHxuGIVt43Eo8oKmuCfDmvx6QKZtkA?= =?us-ascii?Q?70Zw3xo6CNDa5NNqeNJAopOzjJSSUe9JZU2ijGyYneEbqs61oNu5eQ5yBKDK?= =?us-ascii?Q?keMcQLdsknvZL0D3evG5QNSN7C/GLt8gTEPQbnqkhqfr9k35FVe5uLcNiaJP?= =?us-ascii?Q?xQ8lN8Z65xVxMtvqBaE8MvdiF+J5pcU6U4i4jx+6h49VTqC3R5Fd13uSfsK1?= =?us-ascii?Q?s+CLVzawxjwtzJls+PIKzuBd1+PQxbN9QgNQWumACEduGNqNH4nyP6iTZ6zs?= =?us-ascii?Q?mYtvLU43vj5hNZbMgkUu/6ZIkZwhLFeIVwLHiHkA96J+jHyqAzoEy9Fby/fK?= =?us-ascii?Q?6ypuzp3dB7aYHIdASb5rZY3CZCR1THbJndusDn51jeKEl4Skyo0ndKKwAsd2?= =?us-ascii?Q?fPVt81jzlPYP7wk0Ki9M6VSmL7v8fp1Eewr6ZlBElOaNoE/xGlUnzH3XQ/L7?= =?us-ascii?Q?83TJrzKtzmOLMKpWoU6a3GYu+LuCpZbXiuTNo/rS4eTQyLdq0hZVRBMMaein?= =?us-ascii?Q?ozi2s2TPDaFuID9G+Ap+skvE6w7bplrUdyt1EX2T3uK7dRKVvTSBg7b4Ofpx?= =?us-ascii?Q?vFxgAja8SZRmE+M5pyA4bpLRQtW7cKZY+WgCjB1jocJARBwuWRG3oLn2aUeO?= =?us-ascii?Q?aOgS+NlCRaBRA/RDwclxNPv8GpvhdnpP/83nYJW4G+oEBNYa4h/JdClGjZnQ?= =?us-ascii?Q?PYkPDVRHQVmuNAoMZZesNGDsV5WWbNjVwC5GGSDf3uH0XM62Ldmm2mvH438U?= =?us-ascii?Q?C3B/dsixOTIUaYS+hL/HYmtG5TQv3p6WqJrwfwAnez2tgdu4GaQJMxmeKtDU?= =?us-ascii?Q?wBIOjJ5wOFyNsT3jv/LeEUd+L8Oh/Ks2UFnfzyJBn2E5ZRq/ekGBmYw0eKBf?= =?us-ascii?Q?FfUqBhCFEBiKD43tUvdD6GTNnNcva+g6NoK2S92EH1OjbtO26MGoFMKe5ByW?= =?us-ascii?Q?IgMRMqcvcVGpH5Rb+9SK0IKFmk81DVEQHEvng58TIfeRkVaYDkwLpQIkZsiO?= =?us-ascii?Q?mpNPbnGpP1ASITuWunVYorA=3D?= Content-Type: multipart/alternative; boundary="_000_DM6PR10MB41241F954D9C9680F98B29E996EFADM6PR10MB4124namp_" MIME-Version: 1.0 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: aWP+86v9/oeM+8cnh2zcSp0ZC8P+G1uYgl7Fk/mSDsEqO9leCpzkjiL5Fcf0EnrMNHPYnJKtnioMTp1O+Qii7tKDOJTAeM9gGyiF5AuGzcvgR878gu+QQhtejBUHzPUICVtxYZyyMj5of30Qy2TCe/z6bHHQ8QoMMWQDZ51X4uIDwTxpuLQ0nWXT+MCt3KtQFGcy3Dx4YEwv9PAcRFVxewbvFwCnv+fv1NGld+4z+/UQKOLqGLYygvM9XH9tkGrgEfuCPlGQrDNUKdAv7Q2vyy50SVDrgmfDeBt53yI3cxMj49ixk4GOq7fMb9yY7UAQMPMz7sIRyo4tiAcUHrcvtdVVJH8S8AQjc5vqqRqP6P34vtDWf1FKHWqINaDredhXAIjiMhZUxKBYtNqeDknD0zRXMeA3rp8W3YLumg3r6/+/YjeDSDq/iTI/9Encp2dktwqqMRfaVf7ekksEjx7Fy43S8w1Ph0bd1e3LU9pKK5VMNgTVhiLrwkO6dKeVxyWB5Kmj6eC4D/fPqtd3qBMpTQAEwdwwM58+hA4w91fbiOmkioWxWzVcPz496xR2QSaM/n8QD1joChv/DGXvQSVI1RqS0pOChnEqSBAHqW/GXLc= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR10MB4124.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3032a2bb-9ce5-4258-dd2f-08de07ee851a X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2025 11:16:54.9748 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PYjma0cw5NJEkvTmZRU5g629GiUcTcjyChSz1IQ7tJlafgpXjtRat7pjDuYX0FQNOjai+JAyoFM+UOfbD2hwFOZ3D9s4OR3losuxR7K6kWU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR10MB4674 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1117,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-10_02,2025-10-06_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 suspectscore=0 malwarescore=0 adultscore=0 phishscore=0 spamscore=0 bulkscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2510020000 definitions=main-2510100064 X-Authority-Analysis: v=2.4 cv=BLO+bVQG c=1 sm=1 tr=0 ts=68e8eb2a cx=c_pps a=OOZaFjgC48PWsiFpTAqLcw==:117 a=OOZaFjgC48PWsiFpTAqLcw==:17 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=GoEa3M9JfhUA:10 a=8rWy6zfcAAAA:8 a=5E8kPgZ7S4hNp0CaIKcA:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=DQwLulpNEZZlj4HYde8A:9 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 a=YjdVzJdQTyZRADMV7wFX:22 X-Proofpoint-ORIG-GUID: wQaM7g4V7E84hZC91cz2fNn7h4piAXQy X-Proofpoint-GUID: wQaM7g4V7E84hZC91cz2fNn7h4piAXQy X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDA4MDEyMSBTYWx0ZWRfX+0K/1hycCSlm 2FnqVH8bwoT7HBowuYfpxf/o53hSaqxz4cBOPldmL6Pf1Z7aJwXZtg/Z239+xxj57hxwk8coayb r6lHyWS4zuuQe/CTDVHZjb7gik0Rudy1a2EMEb0IjuTiWWuWFzGwW8Nqy62iwcMAg7AxZwANQ/Z MTZXQggh5KSXgtYH/vvKQFt5FJVPWdEyr8Zrh6zMCN/zKuDlOFTAAUVtYsFep1XJ0aH9hUxZPFm CkdrQ4OyMYntpktw+RciVphrwZltqd+cZn7LbG8+8TJfhtxbj6Wskm6X51XrrvjXIiNv/dtmyh3 Qtt7WQ3JCHU3zuMWsCO9I5YtzNIFG0NZD+THz7xNwUdfWY+xrVFOJK5n8R1S2Q45TsqAEeOetSP UwihEOkbR+ie7d7u4PSOR1u9urbS1w== X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org --_000_DM6PR10MB41241F954D9C9680F98B29E996EFADM6PR10MB4124namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Team, While running Fortify static code analysis on our codebase, which uses DPDK= , we noticed some potential buffer overflow issues being flagged in DPDK li= brary calls. These seem like false positives at first glance, but we want t= o double-check with the community and maintainers to make sure there are no= hidden issues. Could you please review these findings or let us know if there are any know= n false positives related to this. I raised a Bug https://bugs.dpdk.org/sh= ow_bug.cgi?id=3D1748 for the same. here are the detailed Fortify reports with exact file paths and line number= s for your reference. ### Instance 1: rte_crypto.h Line 207 memset(op->asym, 0, sizeof(struct rte_crypto_asym_op)); Tool Description : The function __rte_crypto_op_reset() in rte_crypto.h wri= tes outside the bounds of asym on line 207, which could corrupt data, cause= the program to crash, or lead to the execution of malicious code. Analysis Trace rte_crypto.h:181 - Buffer asym Declared rte_crypto.h:207 - memset() Buffer Size: 0 bytes Write Length: 168 bytes ### Instance 2: rte_crypto_sym.h: 885 memset(op, 0, sizeof(*op)); Tool Description: The program writes outside the bounds of allocated memory= , which could corrupt data, crash the program, or lead to the execution of = malicious code. Analysis Trace rte_crypto.h:204 - Caller: __rte_crypto_op_reset Buffer Size: 0 rte_crypto_sym.h:885 - memset() Buffer Size: 0 bytes Write Length: 64 bytes [var 0] op.$offset: 0 ### Instance3: rte_lpm.h: 347 tbl24_indexes[i] =3D ips[i] >> 8; Tool Description: The function rte_lpm_lookup_bulk_func() in rte_lpm.h writ= es outside the bounds of tbl24_indexes on line 347, which could corrupt dat= a, cause the program to crash, or lead to the execution of malicious code. Analysis Trace rte_lpm.h:339 - Buffer tbl24_indexes Allocated rte_lpm.h:347 - Assignment to tbl24_indexes Buffer Size: 262143 bytes Write Length: 1048572 bytes [var 0] tbl24_indexes= .$offset: 0 [var 1] i: 262142 Thank you in advance for your support and guidance. Regards, Nagendra Confidential - Oracle Internal --_000_DM6PR10MB41241F954D9C9680F98B29E996EFADM6PR10MB4124namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Team,

 

While running Fortify static code analysis on our co= debase, which uses DPDK, we noticed some potential buffer overflow issues b= eing flagged in DPDK library calls. These seem like false positives at firs= t glance, but we want to double-check with the community and maintainers to make sure there are no hidden issues= .

 

Could you please review these findings or let us kno= w if there are any known false positives related to this. I raised a Bug &n= bsp;https://bugs.d= pdk.org/show_bug.cgi?id=3D1748 for the same.

 

here are the detailed Fortify reports with exact fil= e paths and line numbers for your reference.

### Instance 1:  rte_crypto.h Line 207<= /o:p>

memset(op->asym, 0, sizeof(struct rte_crypto_asym= _op));

 

Tool Description : The function __rte_crypto_op_rese= t() in rte_crypto.h writes outside the bounds of asym on line 207, which co= uld corrupt data, cause the program to crash, or lead to the execution of m= alicious code.

 

Analysis Trace

rte_crypto.h:181 - Buffer asym Declared

rte_crypto.h:207 - memset()

Buffer Size: 0 bytes Write Length: 168 bytes

 

### Instance 2: rte_crypto_sym.h: 885<= /b>

memset(op, 0, sizeof(*op));

Tool Description: The program writes outside the bou= nds of allocated memory, which could corrupt data, crash the program, or le= ad to the execution of malicious code.

Analysis Trace

rte_crypto.h:204 - Caller: __rte_crypto_op_reset

Buffer Size: 0

rte_crypto_sym.h:885 - memset()

Buffer Size: 0 bytes Write Length: 64 bytes [var 0] = op.$offset: 0

 

### Instance3: rte_lpm.h: 347

        &nbs= p;   tbl24_indexes[i] =3D ips[i] >> 8;

Tool Description: The function rte_lpm_lookup_bulk_f= unc() in rte_lpm.h writes outside the bounds of tbl24_indexes on line 347, = which could corrupt data, cause the program to crash, or lead to the execut= ion of malicious code.

Analysis Trace

rte_lpm.h:339 - Buffer tbl24_indexes Allocated<= /o:p>

rte_lpm.h:347 - Assignment to tbl24_indexes

Buffer Size: 262143 bytes Write Length: 1048572 byte= s [var 0] tbl24_indexes.$offset: 0 [var 1] i: 262142

Thank you in advance for your support and guidance.<= o:p>

Regards,
Nagendra

 


Confidential – Oracle Internal

--_000_DM6PR10MB41241F954D9C9680F98B29E996EFADM6PR10MB4124namp_--