From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id DA8536C9C for ; Tue, 14 Jun 2016 11:26:42 +0200 (CEST) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga104.fm.intel.com with ESMTP; 14 Jun 2016 02:26:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,470,1459839600"; d="scan'208";a="718759500" Received: from smonroyx-mobl.ger.corp.intel.com (HELO [10.237.221.51]) ([10.237.221.51]) by FMSMGA003.fm.intel.com with ESMTP; 14 Jun 2016 02:26:41 -0700 To: Slawomir Mrozowicz , david.marchand@6wind.com References: <1465894956-14016-1-git-send-email-slawomirx.mrozowicz@intel.com> Cc: dev@dpdk.org From: Sergio Gonzalez Monroy Message-ID: <632ca0d5-86a2-6c7f-f9b1-14ca95633bdc@intel.com> Date: Tue, 14 Jun 2016 10:26:40 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <1465894956-14016-1-git-send-email-slawomirx.mrozowicz@intel.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH v3] eal: out-of-bounds write X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jun 2016 09:26:43 -0000 On 14/06/2016 10:02, Slawomir Mrozowicz wrote: > Overrunning array mcfg->memseg of 256 44-byte elements > at element index 257 using index j. > Fixed by add condition with message information. > > Fixes: af75078fece3 ("first public release") > Coverity ID 13282 > > Signed-off-by: Slawomir Mrozowicz > --- > lib/librte_eal/linuxapp/eal/eal_memory.c | 19 +++++++++++++++++-- > 1 file changed, 17 insertions(+), 2 deletions(-) > > diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c > index 5b9132c..6a2daf5 100644 > --- a/lib/librte_eal/linuxapp/eal/eal_memory.c > +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c > @@ -1301,6 +1301,15 @@ rte_eal_hugepage_init(void) > break; > } > > + if (j >= RTE_MAX_MEMSEG) { > + RTE_LOG(ERR, EAL, > + "Failed: all memsegs used by ivshmem.\n" > + "Current %d is not enough.\n" > + "Please either increase the RTE_MAX_MEMSEG\n", > + RTE_MAX_MEMSEG); > + return -ENOMEM; > + } > + > for (i = 0; i < nr_hugefiles; i++) { > new_memseg = 0; > > @@ -1333,8 +1342,14 @@ rte_eal_hugepage_init(void) > > if (new_memseg) { > j += 1; > - if (j == RTE_MAX_MEMSEG) > - break; > + if (j >= RTE_MAX_MEMSEG) { > + RTE_LOG(ERR, EAL, > + "Failed: all memsegs used by ivshmem.\n" > + "Current %d is not enough.\n" > + "Please either increase the RTE_MAX_MEMSEG\n", > + RTE_MAX_MEMSEG); > + return -ENOMEM; > + } > I don't think you need to change anything inside the for loop. As it is in the patch, the error message is not accurate. What I tried to say in my previous review was to not touch the loop and just do the check before the loop. There is an error message after the loop which is correct for all cases except the case this patch is addressing by checking before the loop. Sergio > mcfg->memseg[j].phys_addr = hugepage[i].physaddr; > mcfg->memseg[j].addr = hugepage[i].final_va;