From: "Stojaczyk, DariuszX"
To: Jens Freimann
CC: "dev@dpdk.org"
Date: Thu, 11 May 2017 12:32:38 +0000
Subject: Re: [dpdk-dev] [PATCH v2 1/3] vhost: fix malloc in rte_vhost_get_mem_table

The size variable is still used a few lines later:

	memcpy(m->regions, dev->mem->regions, size);

That line is ok. Only the amount of malloc'ed memory was too small.

-----Original Message-----
From: Jens Freimann [mailto:jfreiman@redhat.com]
Sent: Thursday, May 11, 2017 1:42 PM
To: Stojaczyk, DariuszX
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v2 1/3] vhost: fix malloc in rte_vhost_get_mem_table

On Thu, May 11, 2017 at 12:56:46PM +0200, Dariusz Stojaczyk wrote:
> Amount of allocated memory was too small, causing buffer overflow.
>
> Signed-off-by: Dariusz Stojaczyk
> ---
> Removed Gerrit Change-Id
> lib/librte_vhost/vhost.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index = > 0b19d2e..1f565fb 100644 > --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c > @@ -369,7 +369,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_mem= ory **mem) > return -1; > = > size =3D dev->mem->nregions * sizeof(struct rte_vhost_mem_region); > - m =3D malloc(size); > + m =3D malloc(sizeof(struct rte_vhost_memory) + size);

Why not just add it to the line above where size is calculated?

With that changed,
Reviewed-by: Jens Freimann

regards,
Jens
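
Review bot: On the added malloc(sizeof(struct rte_vhost_memory) + size) line, the header-plus-regions total exists only inside the malloc call, while size keeps meaning the regions length that the memcpy(m->regions, dev->mem->regions, size) quoted in the reply depends on. Folding the header into the size assignment, as suggested in the thread, would make that memcpy copy sizeof(struct rte_vhost_memory) bytes more than the regions occupy, so if the two are merged the copy length has to change with it. A short comment on size, or a separate variable for the total, would keep the two lengths from being confused again. The hunk also does not show whether the malloc result is checked for NULL or whether nregions is bounded before the multiplication; both are worth confirming in the surrounding code.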