From: "Zhang, Tianfei" <tianfei.zhang@intel.com> To: "Huang, Wei" <wei.huang@intel.com>, "dev@dpdk.org" <dev@dpdk.org>, "Xu, Rosen" <rosen.xu@intel.com>, "Zhang, Qi Z" <qi.z.zhang@intel.com> Cc: "stable@dpdk.org" <stable@dpdk.org> Subject: Re: [dpdk-dev] [PATCH v1 1/4] raw/ifpga/base: use trusted buffer to free Date: Thu, 1 Apr 2021 07:46:27 +0000 Message-ID: <DM6PR11MB3131FB94B2D090E2E9FFCD6FE37B9@DM6PR11MB3131.namprd11.prod.outlook.com> (raw) In-Reply-To: <1615969296-17021-2-git-send-email-wei.huang@intel.com> > -----Original Message----- > From: Huang, Wei <wei.huang@intel.com> > Sent: 2021年3月17日 16:22 > To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z > <qi.z.zhang@intel.com> > Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>; Huang, Wei > <wei.huang@intel.com> > Subject: [PATCH v1 1/4] raw/ifpga/base: use trusted buffer to free > > In write_flash_image(), calling function "read" may taints variable "buf" which > turn to an untrusted value as argument of "rte_free". > > Coverity issue: 367477 > Fixes: 7a4f3993f269 ("raw/ifpga: add FPGA RSU APIs") > > Signed-off-by: Wei Huang <wei.huang@intel.com> > --- > drivers/raw/ifpga/base/ifpga_fme_rsu.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/raw/ifpga/base/ifpga_fme_rsu.c > b/drivers/raw/ifpga/base/ifpga_fme_rsu.c > index 28198abd78..d32f1eccb1 100644 > --- a/drivers/raw/ifpga/base/ifpga_fme_rsu.c > +++ b/drivers/raw/ifpga/base/ifpga_fme_rsu.c > @@ -92,6 +92,7 @@ static int write_flash_image(struct ifpga_sec_mgr *smgr, > const char *image, > uint32_t offset) > { > void *buf = NULL; > + void *buf_to_free = NULL; > int retry = 0; > uint32_t length = 0; > uint32_t to_transfer = 0; > @@ -122,6 +123,7 @@ static int write_flash_image(struct ifpga_sec_mgr > *smgr, const char *image, > close(fd); > return -ENOMEM; > } > + buf_to_free = buf; > > length = smgr->rsu_length; > one_percent = length / 100; > @@ -177,7 +179,7 @@ static int write_flash_image(struct ifpga_sec_mgr > *smgr, const char *image, > printf("\n"); > > end: > - free(buf); > + free(buf_to_free); > close(fd); > return ret; > } Acked-by: Tianfei zhang <Tianfei.zhang@intel.com> > -- > 2.29.2
next prev parent reply other threads:[~2021-04-01 7:46 UTC|newest] Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-03-17 8:21 [dpdk-dev] [PATCH v1 0/4] Fix coverity issues reported in DPDK-26380 Wei Huang 2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 1/4] raw/ifpga/base: use trusted buffer to free Wei Huang 2021-04-01 7:46 ` Zhang, Tianfei [this message] 2021-04-01 8:47 ` Xu, Rosen 2021-04-07 13:59 ` [dpdk-dev] [dpdk-stable] " Ferruh Yigit 2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 2/4] raw/ifpga/base: check return value of lseek Wei Huang 2021-04-01 7:46 ` Zhang, Tianfei 2021-04-01 8:47 ` Xu, Rosen 2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 3/4] raw/ifpga/base: assign unsigned value to length Wei Huang 2021-04-01 7:47 ` Zhang, Tianfei 2021-04-01 8:47 ` Xu, Rosen 2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 4/4] raw/ifpga/base: check pointer before dereferencing Wei Huang 2021-04-01 7:47 ` Zhang, Tianfei 2021-04-01 8:48 ` Xu, Rosen 2021-04-01 11:50 ` [dpdk-dev] [PATCH v1 0/4] Fix coverity issues reported in DPDK-26380 Zhang, Qi Z
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=DM6PR11MB3131FB94B2D090E2E9FFCD6FE37B9@DM6PR11MB3131.namprd11.prod.outlook.com \ --to=tianfei.zhang@intel.com \ --cc=dev@dpdk.org \ --cc=qi.z.zhang@intel.com \ --cc=rosen.xu@intel.com \ --cc=stable@dpdk.org \ --cc=wei.huang@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
DPDK patches and discussions This inbox may be cloned and mirrored by anyone: git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \ dev@dpdk.org public-inbox-index dev Example config snippet for mirrors. Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.dev AGPL code for this site: git clone https://public-inbox.org/public-inbox.git