From: Slawomir Mrozowicz
To: david.marchand@6wind.com
Cc: dev@dpdk.org, Slawomir Mrozowicz
Date: Thu, 16 Jun 2016 16:52:18 +0200
Message-Id: <1466088738-16990-1-git-send-email-slawomirx.mrozowicz@intel.com>
Subject: [dpdk-dev] [PATCH v5] eal: out-of-bounds write

Overrunning array mcfg->memseg of 256 44-byte elements
at element index 257 using index j.
Fixed by adding a condition with message information.

Fixes: af75078fece3 ("first public release")
Coverity ID 13282

Signed-off-by: Slawomir Mrozowicz
---
v5:
- update message
v4:
- remove check condition from loop
v3:
- add check condition inside and outside the loop
v2:
- add message information
---
 lib/librte_eal/linuxapp/eal/eal_memory.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c index 5b9132c..ffe069c 100644 --- a/lib/librte_eal/linuxapp/eal/eal_memory.c +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c
@@ -1301,6 +1301,14 @@ rte_eal_hugepage_init(void) break; } + if (j >= RTE_MAX_MEMSEG) { + RTE_LOG(ERR, EAL, + "All memory segments exhausted by IVSHMEM. " + "Try recompiling with larger RTE_MAX_MEMSEG " + "then current %d\n", RTE_MAX_MEMSEG); + return -ENOMEM; + } + for (i = 0; i < nr_hugefiles; i++) { new_memseg = 0; -- 1.9.1
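
Review bot: the new `if (j >= RTE_MAX_MEMSEG)` test in rte_eal_hugepage_init() runs once, before `for (i = 0; i < nr_hugefiles; i++)`, so it bounds `j` only at loop entry. The v4 changelog entry says the in-loop check was removed, and the loop body is not visible in this hunk beyond `new_memseg = 0;`. If `j` is advanced inside that loop when a new segment starts, the write to `mcfg->memseg[j]` that Coverity flagged can still go past the last element; please either keep a bound check at the point where `j` is incremented or state in the commit message why `j` cannot grow there. Two smaller points: the log string reads "then current %d" where "than current %d" is meant, and the message blames IVSHMEM although the commit message does not say why only IVSHMEM can fill the table. Also confirm that the direct `return -ENOMEM` does not skip cleanup that the function's other error exits perform for resources acquired earlier.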