From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 9304F682B for ; Tue, 14 Jun 2016 10:06:49 +0200 (CEST) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga101.fm.intel.com with ESMTP; 14 Jun 2016 01:06:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,470,1459839600"; d="scan'208";a="997169170" Received: from gklab-246-019.igk.intel.com (HELO intel.com) ([10.217.246.19]) by orsmga002.jf.intel.com with SMTP; 14 Jun 2016 01:06:45 -0700 Received: by intel.com (sSMTP sendmail emulation); Tue, 14 Jun 2016 11:02:39 +0200 From: Slawomir Mrozowicz To: david.marchand@6wind.com Cc: dev@dpdk.org, Slawomir Mrozowicz Date: Tue, 14 Jun 2016 11:02:36 +0200 Message-Id: <1465894956-14016-1-git-send-email-slawomirx.mrozowicz@intel.com> X-Mailer: git-send-email 1.9.1 Subject: [dpdk-dev] [PATCH v3] eal: out-of-bounds write X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jun 2016 08:06:50 -0000 Overrunning array mcfg->memseg of 256 44-byte elements at element index 257 using index j. Fixed by add condition with message information. Fixes: af75078fece3 ("first public release") Coverity ID 13282 Signed-off-by: Slawomir Mrozowicz --- lib/librte_eal/linuxapp/eal/eal_memory.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c index 5b9132c..6a2daf5 100644 --- a/lib/librte_eal/linuxapp/eal/eal_memory.c +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c @@ -1301,6 +1301,15 @@ rte_eal_hugepage_init(void) break; } + if (j >= RTE_MAX_MEMSEG) { + RTE_LOG(ERR, EAL, + "Failed: all memsegs used by ivshmem.\n" + "Current %d is not enough.\n" + "Please either increase the RTE_MAX_MEMSEG\n", + RTE_MAX_MEMSEG); + return -ENOMEM; + } + for (i = 0; i < nr_hugefiles; i++) { new_memseg = 0; @@ -1333,8 +1342,14 @@ rte_eal_hugepage_init(void) if (new_memseg) { j += 1; - if (j == RTE_MAX_MEMSEG) - break; + if (j >= RTE_MAX_MEMSEG) { + RTE_LOG(ERR, EAL, + "Failed: all memsegs used by ivshmem.\n" + "Current %d is not enough.\n" + "Please either increase the RTE_MAX_MEMSEG\n", + RTE_MAX_MEMSEG); + return -ENOMEM; + } mcfg->memseg[j].phys_addr = hugepage[i].physaddr; mcfg->memseg[j].addr = hugepage[i].final_va; -- 1.9.1