From: "Zhang, Tianfei" <tianfei.zhang@intel.com>
To: "Huang, Wei" <wei.huang@intel.com>, "dev@dpdk.org" <dev@dpdk.org>,
"Xu, Rosen" <rosen.xu@intel.com>,
"Zhang, Qi Z" <qi.z.zhang@intel.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH v1 1/4] raw/ifpga/base: use trusted buffer to free
Date: Thu, 1 Apr 2021 07:46:27 +0000 [thread overview]
Message-ID: <DM6PR11MB3131FB94B2D090E2E9FFCD6FE37B9@DM6PR11MB3131.namprd11.prod.outlook.com> (raw)
In-Reply-To: <1615969296-17021-2-git-send-email-wei.huang@intel.com>
> -----Original Message-----
> From: Huang, Wei <wei.huang@intel.com>
> Sent: 2021年3月17日 16:22
> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
> <qi.z.zhang@intel.com>
> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>; Huang, Wei
> <wei.huang@intel.com>
> Subject: [PATCH v1 1/4] raw/ifpga/base: use trusted buffer to free
>
> In write_flash_image(), calling function "read" may taints variable "buf" which
> turn to an untrusted value as argument of "rte_free".
>
> Coverity issue: 367477
> Fixes: 7a4f3993f269 ("raw/ifpga: add FPGA RSU APIs")
>
> Signed-off-by: Wei Huang <wei.huang@intel.com>
> ---
> drivers/raw/ifpga/base/ifpga_fme_rsu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/raw/ifpga/base/ifpga_fme_rsu.c
> b/drivers/raw/ifpga/base/ifpga_fme_rsu.c
> index 28198abd78..d32f1eccb1 100644
> --- a/drivers/raw/ifpga/base/ifpga_fme_rsu.c
> +++ b/drivers/raw/ifpga/base/ifpga_fme_rsu.c
> @@ -92,6 +92,7 @@ static int write_flash_image(struct ifpga_sec_mgr *smgr,
> const char *image,
> uint32_t offset)
> {
> void *buf = NULL;
> + void *buf_to_free = NULL;
> int retry = 0;
> uint32_t length = 0;
> uint32_t to_transfer = 0;
> @@ -122,6 +123,7 @@ static int write_flash_image(struct ifpga_sec_mgr
> *smgr, const char *image,
> close(fd);
> return -ENOMEM;
> }
> + buf_to_free = buf;
>
> length = smgr->rsu_length;
> one_percent = length / 100;
> @@ -177,7 +179,7 @@ static int write_flash_image(struct ifpga_sec_mgr
> *smgr, const char *image,
> printf("\n");
>
> end:
> - free(buf);
> + free(buf_to_free);
> close(fd);
> return ret;
> }
Acked-by: Tianfei zhang <Tianfei.zhang@intel.com>
> --
> 2.29.2
next prev parent reply other threads:[~2021-04-01 7:46 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-17 8:21 [dpdk-dev] [PATCH v1 0/4] Fix coverity issues reported in DPDK-26380 Wei Huang
2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 1/4] raw/ifpga/base: use trusted buffer to free Wei Huang
2021-04-01 7:46 ` Zhang, Tianfei [this message]
2021-04-01 8:47 ` Xu, Rosen
2021-04-07 13:59 ` [dpdk-dev] [dpdk-stable] " Ferruh Yigit
2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 2/4] raw/ifpga/base: check return value of lseek Wei Huang
2021-04-01 7:46 ` Zhang, Tianfei
2021-04-01 8:47 ` Xu, Rosen
2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 3/4] raw/ifpga/base: assign unsigned value to length Wei Huang
2021-04-01 7:47 ` Zhang, Tianfei
2021-04-01 8:47 ` Xu, Rosen
2021-03-17 8:21 ` [dpdk-dev] [PATCH v1 4/4] raw/ifpga/base: check pointer before dereferencing Wei Huang
2021-04-01 7:47 ` Zhang, Tianfei
2021-04-01 8:48 ` Xu, Rosen
2021-04-01 11:50 ` [dpdk-dev] [PATCH v1 0/4] Fix coverity issues reported in DPDK-26380 Zhang, Qi Z
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM6PR11MB3131FB94B2D090E2E9FFCD6FE37B9@DM6PR11MB3131.namprd11.prod.outlook.com \
--to=tianfei.zhang@intel.com \
--cc=dev@dpdk.org \
--cc=qi.z.zhang@intel.com \
--cc=rosen.xu@intel.com \
--cc=stable@dpdk.org \
--cc=wei.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).