From: Olivier Matz <olivier.matz@6wind.com>
To: dev@dpdk.org
Cc: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>,
 Pallantla Poornima <pallantlax.poornima@intel.com>,
 Wenwu Ma <wenwux.ma@intel.com>, Peng Zhihong <zhihongx.peng@intel.com>,
 Aaron Conole <aconole@redhat.com>, Thomas Monjalon <thomas@monjalon.net>,
 stable@dpdk.org
Date: Tue, 27 Apr 2021 15:56:45 +0200
Message-Id: <20210427135646.871-1-olivier.matz@6wind.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210413200513.330399-1-wenwux.ma@intel.com>
References: <20210413200513.330399-1-wenwux.ma@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-dev] [PATCH v3 1/2] test/mempool: fix heap buffer overflow

The function rte_pktmbuf_init() expects that the mempool private area is
large enough and was previously initialized by rte_pktmbuf_pool_init(),
which is not the case.

This causes the function rte_pktmbuf_priv_size() to return an
unpredictable value, and this value is used as a size in a memset.

Replace the mempool object initializer by my_obj_init(), which does not
have this constraint, and fits the needs for this test.

Fixes: 923ceaeac140 ("test/mempool: add unit test cases")
Cc: stable@dpdk.org

Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
 app/test/test_mempool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/test/test_mempool.c b/app/test/test_mempool.c
index 084842fdaa..3adadd6731 100644
--- a/app/test/test_mempool.c
+++ b/app/test/test_mempool.c
@@ -552,7 +552,7 @@ test_mempool(void)
 		GOTO_ERR(ret, err);
 
 	/* test to initialize mempool objects and memory */
-	nb_objs = rte_mempool_obj_iter(mp_stack_mempool_iter, rte_pktmbuf_init,
+	nb_objs = rte_mempool_obj_iter(mp_stack_mempool_iter, my_obj_init,
 			NULL);
 	if (nb_objs == 0)
 		GOTO_ERR(ret, err);
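Review bot: In the changed `rte_mempool_obj_iter(mp_stack_mempool_iter, my_obj_init, NULL)` call, the safety of the fix depends on how many bytes `my_obj_init` writes per object, and its definition is not in this hunk; please confirm it writes no more than the element size `mp_stack_mempool_iter` was created with and that it does not dereference the `NULL` argument. The `if (nb_objs == 0)` check that follows only rejects an empty iteration; comparing `nb_objs` with the number of objects the pool was created with would also catch a partial one.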
-- 
2.29.2
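
A toy model of the bug class the commit message describes, as an added example that is not code from the patch or from DPDK: all `toy_*` names, the 64-byte header and the 0xA5 fill standing in for uninitialized memory are assumptions. It shows why an initializer that trusts a size stored in the pool private area can compute a clear length larger than the object, next to a checked variant and an initializer that depends only on the element size.

```c
#include <stdint.h>
#include <string.h>

/* Toy model, all names hypothetical (not DPDK's): pool with a private area. */
struct toy_pkt_private { uint16_t data_room, priv_size; };
struct toy_pool {
    size_t elt_size;             /* bytes available in each object */
    size_t private_size;         /* bytes reserved for the private area */
    unsigned char *private_area;
};
#define TOY_HDR_SIZE 64u         /* constructed stand-in for the object header */

/* Length a packet-style initializer would clear: trusts the private area. */
static size_t toy_pkt_clear_len(const struct toy_pool *p)
{
    struct toy_pkt_private pp;
    memcpy(&pp, p->private_area, sizeof(pp)); /* reads whatever bytes are there */
    return TOY_HDR_SIZE + pp.priv_size;
}

/* Checked variant: 0 on success, -1 if the pool cannot back the request. */
static int toy_pkt_init_checked(const struct toy_pool *p, void *obj)
{
    if (p->private_size < sizeof(struct toy_pkt_private))
        return -1;               /* private area too small to hold the sizes */
    size_t len = toy_pkt_clear_len(p);
    if (len > p->elt_size)
        return -1;               /* clearing len bytes would overrun the object */
    memset(obj, 0, len);
    return 0;
}

/* Generic initializer in the spirit of the patch: depends only on elt_size. */
static void toy_obj_init(const struct toy_pool *p, void *obj, unsigned idx)
{
    memset(obj, (int)(idx & 0xff), p->elt_size);
}

int main(void)
{
    /* Constructed input: 0xA5 bytes stand in for an uninitialized private area. */
    unsigned char junk[sizeof(struct toy_pkt_private)], obj[128];
    struct toy_pool p = { sizeof(obj), sizeof(junk), junk };
    memset(junk, 0xA5, sizeof(junk));
    if (toy_pkt_init_checked(&p, obj) != -1)
        return 1;
    toy_obj_init(&p, obj, 3);
    return obj[127] == 3 ? 0 : 1;
}
```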