From: Qi Zhang <qi.z.zhang@intel.com>
To: adrien.mazarguil@6wind.com
Cc: yuan.peng@intel.com, wei.zhao1@intel.com, dev@dpdk.org,
Qi Zhang <qi.z.zhang@intel.com>
Subject: [dpdk-dev] [PATCH] app/testpmd: fix invalid memory access
Date: Mon, 7 May 2018 17:50:44 +0800 [thread overview]
Message-ID: <20180507095044.48038-1-qi.z.zhang@intel.com> (raw)
When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask
mask->length is not the real size of binary pattern, it should take
spec->length, or memory size will be over counted (0xffff) and invalid
memory be access during following memcpy.
Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration")
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
---
app/test-pmd/config.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c
index 16fc481ce..bcaf429c4 100644
--- a/app/test-pmd/config.c
+++ b/app/test-pmd/config.c
@@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct rte_flow_item *item,
dst.raw = buf;
off = RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw),
sizeof(*src.raw->pattern));
- size = off + src.raw->length * sizeof(*src.raw->pattern);
+ size = off + ((const struct rte_flow_item_raw *)item->spec)->
+ length * sizeof(*src.raw->pattern);
if (dst.raw) {
memcpy(dst.raw, src.raw, sizeof(*src.raw));
dst.raw->pattern = memcpy((uint8_t *)dst.raw + off,
--
2.13.6
next reply other threads:[~2018-05-07 9:50 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-07 9:50 Qi Zhang [this message]
2018-05-08 6:24 ` Zhao1, Wei
2018-05-08 8:31 ` Zhang, Qi Z
2018-05-09 13:58 ` Thomas Monjalon
2021-10-12 7:36 skori
2021-10-12 7:50 ` Li, Xiaoyun
2021-10-12 8:21 ` Sunil Kumar Kori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180507095044.48038-1-qi.z.zhang@intel.com \
--to=qi.z.zhang@intel.com \
--cc=adrien.mazarguil@6wind.com \
--cc=dev@dpdk.org \
--cc=wei.zhao1@intel.com \
--cc=yuan.peng@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).