* [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members
@ 2021-03-30 14:07 wenwux.ma
2021-03-30 19:56 ` [dpdk-dev] [PATCH v2] " wenwux.ma
0 siblings, 1 reply; 2+ messages in thread
From: wenwux.ma @ 2021-03-30 14:07 UTC (permalink / raw)
To: olivier.matz; +Cc: dev, wenwu ma
From: wenwu ma <wenwux.ma@intel.com>
Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.
Signed-off-by: wenwu ma <wenwux.ma@intel.com>
---
lib/librte_mbuf/rte_mbuf.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..9cca9a7d4 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size != sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_data_room_size;
}
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size != sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_priv_size;
}
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* [dpdk-dev] [PATCH v2] mbuf: Fix illegal pointer access to mempool members
2021-03-30 14:07 [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members wenwux.ma
@ 2021-03-30 19:56 ` wenwux.ma
0 siblings, 0 replies; 2+ messages in thread
From: wenwux.ma @ 2021-03-30 19:56 UTC (permalink / raw)
To: olivier.matz, dev; +Cc: wenwu ma
From: wenwu ma <wenwux.ma@intel.com>
Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.
Signed-off-by: wenwu ma <wenwux.ma@intel.com>
---
V2:
- Change the unequal sign in the judgment statement to less than sign
lib/librte_mbuf/rte_mbuf.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_data_room_size;
}
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_priv_size;
}
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-30 8:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-30 14:07 [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members wenwux.ma
2021-03-30 19:56 ` [dpdk-dev] [PATCH v2] " wenwux.ma
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).