[dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members

DPDK patches and discussions
 help / color / mirror / Atom feed

* [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members
@ 2021-03-30 14:07 wenwux.ma
  2021-03-30 19:56 ` [dpdk-dev] [PATCH v2] " wenwux.ma
  0 siblings, 1 reply; 2+ messages in thread
From: wenwux.ma @ 2021-03-30 14:07 UTC (permalink / raw)
  To: olivier.matz; +Cc: dev, wenwu ma

From: wenwu ma <wenwux.ma@intel.com>

Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.

Signed-off-by: wenwu ma <wenwux.ma@intel.com>
---
 lib/librte_mbuf/rte_mbuf.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..9cca9a7d4 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size != sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_data_room_size;
 }
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size != sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_priv_size;
 }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* [dpdk-dev] [PATCH v2] mbuf: Fix illegal pointer access to mempool members
  2021-03-30 14:07 [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members wenwux.ma
@ 2021-03-30 19:56 ` wenwux.ma
  0 siblings, 0 replies; 2+ messages in thread
From: wenwux.ma @ 2021-03-30 19:56 UTC (permalink / raw)
  To: olivier.matz, dev; +Cc: wenwu ma

From: wenwu ma <wenwux.ma@intel.com>

Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.

Signed-off-by: wenwu ma <wenwux.ma@intel.com>
---
V2:
 - Change the unequal sign in the judgment statement to less than sign

 lib/librte_mbuf/rte_mbuf.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_data_room_size;
 }
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_priv_size;
 }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-03-30  8:02 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-30 14:07 [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members wenwux.ma
2021-03-30 19:56 ` [dpdk-dev] [PATCH v2] " wenwux.ma

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).