From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ernst.netinsight.se (ernst.netinsight.se [194.16.221.21]) by dpdk.org (Postfix) with SMTP id EF14D2A5B for ; Fri, 16 Oct 2015 10:49:26 +0200 (CEST) Received: from [10.100.1.152] (unverified [10.100.1.152]) by ernst.netinsight.se (EMWAC SMTPRS 0.83) with SMTP id ; Fri, 16 Oct 2015 10:49:21 +0200 To: cristian.dumitrescu@intel.com, dev@dpdk.org From: =?UTF-8?Q?Simon_K=c3=a5gstr=c3=b6m?= Message-ID: <5620BA12.9060702@netinsight.net> Date: Fri, 16 Oct 2015 10:49:22 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: [dpdk-dev] Unsafe array accesses in rte_sched.c X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Oct 2015 08:49:27 -0000 Hi! I'm investigating DPDK support for pacing output streams and trying to understand the QoS framework. However, I quickly found some instances of unsafe array accesses. E.g., the rte_sched_port_config_qsize function looks like this: static void rte_sched_port_config_qsize(struct rte_sched_port *port) { /* TC 0 */ port->qsize_add[0] = 0; port->qsize_add[1] = port->qsize_add[0] + port->qsize[0]; port->qsize_add[2] = port->qsize_add[1] + port->qsize[0]; port->qsize_add[3] = port->qsize_add[2] + port->qsize[0]; [...] /* TC 3 */ port->qsize_add[12] = port->qsize_add[11] + port->qsize[2]; port->qsize_add[13] = port->qsize_add[12] + port->qsize[3]; port->qsize_add[14] = port->qsize_add[13] + port->qsize[3]; port->qsize_add[15] = port->qsize_add[14] + port->qsize[3]; port->qsize_sum = port->qsize_add[15] + port->qsize[3]; } but port->qsize is actually defined as uint16_t qsize[RTE_SCHED_TRAFFIC_CLASSES_PER_PIPE]; There are similar problems in rte_sched_port_log_pipe_profile() and probably other places. I don't understand the code well enough to send patches for these, although the fixes should be fairly trivial. Perhaps this is already known as it should be fairly easy to trigger with static checkers? // Simon