From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 034002952 for ; Thu, 11 May 2017 13:42:25 +0200 (CEST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 32674448D60; Thu, 11 May 2017 11:42:24 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 32674448D60 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=jfreiman@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 32674448D60 Received: from localhost (dhcp-192-218.str.redhat.com [10.33.192.218]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CC9015DD6C; Thu, 11 May 2017 11:42:23 +0000 (UTC) Date: Thu, 11 May 2017 13:42:22 +0200 From: Jens Freimann To: Dariusz Stojaczyk Cc: dev@dpdk.org Message-ID: <20170511114222.y7r2ifehoxej3iu5@dhcp-192-218.str.redhat.com> References: <1494498209-77217-1-git-send-email-dariuszx.stojaczyk@intel.com> <1494500208-78788-1-git-send-email-dariuszx.stojaczyk@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1494500208-78788-1-git-send-email-dariuszx.stojaczyk@intel.com> User-Agent: NeoMutt/20170428 (1.8.2) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 11 May 2017 11:42:24 +0000 (UTC) Subject: Re: [dpdk-dev] [PATCH v2 1/3] vhost: fix malloc in rte_vhost_get_mem_table X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2017 11:42:25 -0000 On Thu, May 11, 2017 at 12:56:46PM +0200, Dariusz Stojaczyk wrote: > Amount of allocated memory was too small, causing buffer overflow. > > Signed-off-by: Dariusz Stojaczyk > --- > Removed Gerrit Change-Id > lib/librte_vhost/vhost.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c > index 0b19d2e..1f565fb 100644 > --- a/lib/librte_vhost/vhost.c > +++ b/lib/librte_vhost/vhost.c > @@ -369,7 +369,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem) > return -1; > > size = dev->mem->nregions * sizeof(struct rte_vhost_mem_region); > - m = malloc(size); > + m = malloc(sizeof(struct rte_vhost_memory) + size); Why not just add it to the line above where size is calculated? With that changed, Reviewed-by: Jens Freimann regards, Jens