DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] net/e1000: fix memcpy length error
@ 2017-09-12 12:44 Yong Wang
  2017-09-19  9:16 ` Ferruh Yigit
  0 siblings, 1 reply; 3+ messages in thread
From: Yong Wang @ 2017-09-12 12:44 UTC (permalink / raw)
  To: wenzhuo.lu; +Cc: dev, Yong Wang

The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
/ sizeof(char)" may reach 128 bytes which may cause array access out
of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".

Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
---
 drivers/net/e1000/igb_ethdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/e1000/igb_ethdev.c b/drivers/net/e1000/igb_ethdev.c
index e4f7a9f..8078a1e 100644
--- a/drivers/net/e1000/igb_ethdev.c
+++ b/drivers/net/e1000/igb_ethdev.c
@@ -4094,7 +4094,7 @@ static void igbvf_set_vfta_all(struct rte_eth_dev *dev, bool on)
 	flex_filter.filter_info.priority = filter->priority;
 	memcpy(flex_filter.filter_info.dwords, filter->bytes, filter->len);
 	memcpy(flex_filter.filter_info.mask, filter->mask,
-			RTE_ALIGN(filter->len, sizeof(char)) / sizeof(char));
+			RTE_ALIGN(filter->len, CHAR_BIT) / CHAR_BIT);
 
 	it = eth_igb_flex_filter_lookup(&filter_info->flex_list,
 				&flex_filter.filter_info);
-- 
1.8.3.1

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] net/e1000: fix memcpy length error
  2017-09-12 12:44 [dpdk-dev] [PATCH] net/e1000: fix memcpy length error Yong Wang
@ 2017-09-19  9:16 ` Ferruh Yigit
  2017-09-19  9:32   ` Ferruh Yigit
  0 siblings, 1 reply; 3+ messages in thread
From: Ferruh Yigit @ 2017-09-19  9:16 UTC (permalink / raw)
  To: Yong Wang, wenzhuo.lu; +Cc: dev

On 9/12/2017 1:44 PM, Yong Wang wrote:
> The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
> bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
> / sizeof(char)" may reach 128 bytes which may cause array access out
> of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".
> 
> Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>

Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] net/e1000: fix memcpy length error
  2017-09-19  9:16 ` Ferruh Yigit
@ 2017-09-19  9:32   ` Ferruh Yigit
  0 siblings, 0 replies; 3+ messages in thread
From: Ferruh Yigit @ 2017-09-19  9:32 UTC (permalink / raw)
  To: Yong Wang, wenzhuo.lu; +Cc: dev

On 9/19/2017 10:16 AM, Ferruh Yigit wrote:
> On 9/12/2017 1:44 PM, Yong Wang wrote:
>> The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
>> bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
>> / sizeof(char)" may reach 128 bytes which may cause array access out
>> of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".
>>
>> Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
> 
> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

Applied to dpdk-next-net/master, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-09-19  9:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-12 12:44 [dpdk-dev] [PATCH] net/e1000: fix memcpy length error Yong Wang
2017-09-19  9:16 ` Ferruh Yigit
2017-09-19  9:32   ` Ferruh Yigit

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).