* [dpdk-dev] [app/test/test_cryptodev.c] setup_test_string() - buffer overflow, segfault
@ 2016-07-06 9:23 Catalin Vasile
0 siblings, 0 replies; only message in thread
From: Catalin Vasile @ 2016-07-06 9:23 UTC (permalink / raw)
To: dev
Hi,
I was trying to run cryptodev_aesni_mb_autotest with the "test" app.
I ran into an overflow which I think I debugged.
The initial symptom was at rte_mempool_lookup() called from rte_cryptodev_sym_session_pool_create(),
strncmp() went on a segfault, because "te"' 's members were NULL.
I set a watchpoint with gdb for that specific "te" memory location and it appears that it gets overwritten at memset() in setup_test_string().
If in setup_test_string() I add this code:
struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
int buf_len = rte_pktmbuf_data_room_size(mpool);
size_t t_len = len - (blocksize ? (len % blocksize) : 0);
printf("[SETUP STRING] m->buf_len = %d mpool->elt_size = %d room_size = %d\n ",
(int) m->buf_len, (int) mpool->elt_size, buf_len);
memset(m->buf_addr, 0, m->buf_len);
I get this output:
[SETUP STRING] m->buf_len = 2816 mpool->elt_size = 2496 room_size = 2368
I am not very sure what should be used in that memset() (I do not know the API that well), but buf_len seems bigger then an element size from that memory pool.
If I change that memset() to plain buf_len, the tests run completely.
Cata
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-07-06 9:23 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-06 9:23 [dpdk-dev] [app/test/test_cryptodev.c] setup_test_string() - buffer overflow, segfault Catalin Vasile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).