From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f50.google.com (mail-wm0-f50.google.com [74.125.82.50]) by dpdk.org (Postfix) with ESMTP id BA1438E8B for ; Mon, 20 Jun 2016 10:58:01 +0200 (CEST) Received: by mail-wm0-f50.google.com with SMTP id a66so68427530wme.0 for ; Mon, 20 Jun 2016 01:58:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:user-agent:in-reply-to :references:mime-version:content-transfer-encoding; bh=10C2DPuYm1RH3rwv0gmwmxw1Qgj0k9qQMIxAildmZdM=; b=i1435F4UCn58J9x1lZy2sFsULqqX0tdbZ7+jqA3kHc8tWi8piM7eelhmRQ4B9o6CAh EDtjl3h/Pzv57y4sgJNVsKpkgP3im8id4B1dhpswsoOii6eCt/c9IPHYfUhaucTZAKUH KtK74RitICVOfQMGE8URAfFSERQuVKnY9MfuIxsPZ3e078WuYezab+lMVak2qu72Xd/7 klWUBWZ9V4Ot/Q/4TO/+YCkfgwJzAXY+c1mA7h+7fMo6JiWydy+wqizgzj2KCryBSEu3 tADG/X6C6sL+HxRhCmIPgmAGm5KSzmylZFbGyXpHLKQR4Wjfxi+x57I8HMzcygMuA4mw YCmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :in-reply-to:references:mime-version:content-transfer-encoding; bh=10C2DPuYm1RH3rwv0gmwmxw1Qgj0k9qQMIxAildmZdM=; b=j7ZllQXAvQYqQLONEX+0vslNUI35FCzigt3Tx2LkC7VuTh5MKVUtL9dL8IuQ2sxzY+ h/dBT1599ilM1PwuuA5ZpXhrD9dAGxsLo2pnMr9rVzy/GFf1XRz+avWcl11A1CdnML77 GFXmUVtLhR3dh2SL5SzvfoxKb3B4hJSntXPRIy6Cpaiw3+4x0fT1zWCu0i435yK4LrUJ fI0QravO+Epz09F4LYXslAVV8IBQAs7nbBAlUrRgOFMm/IhZ3XnpzHLav6pblE5DvOlg nZxMp1fhhOWfkhVFningyRnlbFP0VZMDi+lDRBbVaBzEpbJCcZMm7gXrpwEH9W1dGHiu ZHGA== X-Gm-Message-State: ALyK8tIbeKGz69N0NIa1Rwms3hCLf8gZg+GT4CsXVDq3DI5sTAaL1268EGcbQaovkx9Kjh1G X-Received: by 10.28.5.147 with SMTP id 141mr10660710wmf.48.1466413081252; Mon, 20 Jun 2016 01:58:01 -0700 (PDT) Received: from xps13.localnet (184.203.134.77.rev.sfr.net. [77.134.203.184]) by smtp.gmail.com with ESMTPSA id uq7sm62313060wjc.19.2016.06.20.01.58.00 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 20 Jun 2016 01:58:00 -0700 (PDT) From: Thomas Monjalon To: Sergio Gonzalez Monroy Cc: dev@dpdk.org Date: Mon, 20 Jun 2016 10:57:59 +0200 Message-ID: <1880209.krCoBmB9j2@xps13> User-Agent: KMail/4.14.10 (Linux/4.5.4-1-ARCH; KDE/4.14.11; x86_64; ; ) In-Reply-To: <1465927638-71892-1-git-send-email-sergio.gonzalez.monroy@intel.com> References: <1465927638-71892-1-git-send-email-sergio.gonzalez.monroy@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] [PATCH] mem: fix possible memzone integer overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jun 2016 08:58:01 -0000 2016-06-14 19:07, Sergio Gonzalez Monroy: > It is possible to get an integer overflow if we try to reserve a memzone > with len = 0 (meaning the maximum contiguous space available) and the > maximum available elem size is less than (MALLOC_ELEM_OVERHEAD + align). > > Issue reported by Coverity: > > >>> 10. overflow: Subtract operation overflows on operands len and > >>> 64UL. > >>> CID 107111 (#1 of 1): Overflowed return value (INTEGER_OVERFLOW) > >>> 11. overflow_sink: Overflowed or truncated value (or a value > >>> computed from an overflowed or truncated value) > >>> len - 64UL - align used as return value. > 122 return len - MALLOC_ELEM_OVERHEAD - align; > > Fixes: fafcc11985a2 ("mem: rework memzone to be allocated by malloc") > > Signed-off-by: Sergio Gonzalez Monroy Applied, thanks