From: Pawel Nicinski <pawel.nicinski@ericsson.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: Kamila Swarbula <kamila.swarbula@ericsson.com>,
EUIR CSI ISP RT TEAM CODE DIGGERS Sub-contractors
<PDLOLTEAMC@pdl.internal.ericsson.com>
Subject: Bug report for dpdk-stable-22.11.2
Date: Thu, 20 Feb 2025 12:11:08 +0000
Message-ID: <VI1PR07MB558269DB5FBD221349168695FAC42@VI1PR07MB5582.eurprd07.prod.outlook.com>
[-- Attachment #1.1: Type: text/plain, Size: 388 bytes --]
Hello there,
I hope you’re having a great day.
Using the github.com/Ericsson/codechecker tool <https://github.com/Ericsson/codechecker>, we conducted a static analysis of your software. We detected some potentially critical vulnerabilities related to different areas.
Please check the attached CSV file and make corrections.
Best regards,
Ericsson Team
[-- Attachment #2: dpdk_cc.csv --]
[-- Type: text/csv; name="dpdk_cc.csv", Size: 6278 bytes --]
file-path,line,message,
dpdk-stable-22.11.2/lib/eal/linux/eal_memalloc.c,1643,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/linux/eal_memalloc.c,1711,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/acl/acl_bld.c,908,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/acl/acl_bld.c,908,Out of bound access to memory preceding the field 'value',
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,341,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,377,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,341,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,377,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/cfgfile/rte_cfgfile.c,195,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/drivers/net/enetc/enetc_ethdev.c,174,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/drivers/net/enetc/enetc_ethdev.c,180,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/lib/eal/common/eal_common_string_fns.c,76,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/app/test/test_security.c,1528,Address of stack memory associated with local variable 'm' is still referred to by the global variable 'mock_set_pkt_metadata_exp' upon returning to the caller. This will be a dangling reference,
dpdk-stable-22.11.2/app/test/test_security.c,1528,Address of stack memory associated with local variable 'params' is still referred to by the global variable 'mock_set_pkt_metadata_exp' upon returning to the caller. This will be a dangling reference,
dpdk-stable-22.11.2/lib/mempool/rte_mempool.c,750,suspicious usage of 'sizeof(sizeof(...))',
dpdk-stable-22.11.2/lib/graph/graph_populate.c,31,suspicious usage of 'sizeof(K)'; did you mean 'K'?,
dpdk-stable-22.11.2/drivers/common/sfc_efx/base/efx_mcdi.c,3553,suspicious usage of 'sizeof(K)'; did you mean 'K'?,
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2022,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2133,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2322,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2360,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/netvsc/hn_rndis.c,332,suspicious usage of 'sizeof(sizeof(...))',
dpdk-stable-22.11.2/app/test-fib/main.c,339,loop induction expression should not have floating-point type,
dpdk-stable-22.11.2/app/test-fib/main.c,379,loop induction expression should not have floating-point type,
dpdk-stable-22.11.2/app/test-sad/main.c,244,loop induction expression should not have floating-point type,
dpdk-stable-22.11.2/lib/cfgfile/rte_cfgfile.c,195,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/drivers/event/dlb2/dlb2.c,4460,"argument with implicit conversion from 'bool' to 'uint8_t' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/crypto/qat/qat_crypto.c,115,Out of bound access to memory after the end of the field 'qps_in_use',
dpdk-stable-22.11.2/drivers/net/bonding/rte_eth_bond_pmd.c,1099,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/app/test-pmd/parameters.c,1411,Null pointer passed to 1st parameter expecting 'nonnull',
dpdk-stable-22.11.2/app/test/test_cryptodev_asym.c,294,Null pointer passed to 1st parameter expecting 'nonnull',
dpdk-stable-22.11.2/app/test/test_pmd_perf.c,795,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/app/test/test_pmd_perf.c,795,Out of bound access to memory preceding 'mbufpool',
dpdk-stable-22.11.2/app/test/test_eal_flags.c,583,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,622,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,861,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1207,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1215,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1220,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1234,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1243,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1248,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1532,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_cmdline_ipaddr.c,195,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_reciprocal_division_perf.c,53,Division by zero.,
dpdk-stable-22.11.2/app/test/test_reciprocal_division.c,45,Division by zero.,
dpdk-stable-22.11.2/app/test-pmd/parameters.c,1376,Null pointer passed to 1st parameter expecting 'nonnull',
dpdk-stable-22.11.2/drivers/event/ihqm/ihqm.c,1228,"argument with implicit conversion from 'bool' to 'uint8_t' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",