DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH] ring: fix overflow in memory size calcuation
@ 2021-12-14  3:30 Zhihong Wang
  2021-12-15  8:01 ` Liang Ma
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Zhihong Wang @ 2021-12-14  3:30 UTC (permalink / raw)
  To: konstantin.ananyev, honnappa.nagarahalli, dev; +Cc: Zhihong Wang, stable

Parameters count and esize are both unsigned int, and their product can
legally exceed unsigned int and lead to runtime access violation.

Fixes: cc4b218790f6 ("ring: support configurable element size")
Cc: stable@dpdk.org

Signed-off-by: Zhihong Wang <wangzhihong.wzh@bytedance.com>
---
 lib/ring/rte_ring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
index f17bd966be..d1b80597af 100644
--- a/lib/ring/rte_ring.c
+++ b/lib/ring/rte_ring.c
@@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
 		return -EINVAL;
 	}
 
-	sz = sizeof(struct rte_ring) + count * esize;
+	sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
 	sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
 	return sz;
 }
-- 
2.11.0


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-02-05 17:21 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-14  3:30 [PATCH] ring: fix overflow in memory size calcuation Zhihong Wang
2021-12-15  8:01 ` Liang Ma
2021-12-15  8:32   ` Morten Brørup
2021-12-15 13:18 ` Ananyev, Konstantin
2022-02-05 17:21 ` David Marchand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).