From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id CA3F01B471 for ; Mon, 7 Jan 2019 09:57:21 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1A17BC057F38; Mon, 7 Jan 2019 08:57:21 +0000 (UTC) Received: from dmarchan.remote.csb (ovpn-117-97.ams2.redhat.com [10.36.117.97]) by smtp.corp.redhat.com (Postfix) with ESMTP id A6036600D6; Mon, 7 Jan 2019 08:57:19 +0000 (UTC) From: David Marchand To: dev@dpdk.org Cc: olivier.matz@6wind.com, yskoh@mellanox.com, arybchenko@solarflare.com, bernard.iremonger@intel.com, David Marchand Date: Mon, 7 Jan 2019 09:57:10 +0100 Message-Id: <1546851432-19397-2-git-send-email-david.marchand@redhat.com> In-Reply-To: <1546851432-19397-1-git-send-email-david.marchand@redhat.com> References: <1546851432-19397-1-git-send-email-david.marchand@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Mon, 07 Jan 2019 08:57:21 +0000 (UTC) Subject: [dpdk-dev] [PATCH v2 1/3] mbuf: add sanity checks on segment metadata X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jan 2019 08:57:22 -0000 From: David Marchand Add some basic checks on the segments offset and length metadata: always funny to have a < 0 tailroom cast to uint16_t ;-). Signed-off-by: David Marchand Signed-off-by: David Marchand Acked-by: Olivier Matz --- lib/librte_mbuf/rte_mbuf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c index 9790b4f..3bbd3f5 100644 --- a/lib/librte_mbuf/rte_mbuf.c +++ b/lib/librte_mbuf/rte_mbuf.c @@ -200,6 +200,10 @@ struct rte_mempool * pkt_len = m->pkt_len; do { + if (m->data_off > m->buf_len) + rte_panic("data offset too big in mbuf segment\n"); + if (m->data_off + m->data_len > m->buf_len) + rte_panic("data length too big in mbuf segment\n"); nb_segs -= 1; pkt_len -= m->data_len; } while ((m = m->next) != NULL); -- 1.8.3.1