From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id C9EF3A00C3;
	Wed, 15 Dec 2021 09:01:18 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id B32B3410D5;
	Wed, 15 Dec 2021 09:01:18 +0100 (CET)
Received: from sender11-of-o51.zoho.eu (sender11-of-o51.zoho.eu
 [31.186.226.237])
 by mails.dpdk.org (Postfix) with ESMTP id EC40640DFD;
 Wed, 15 Dec 2021 09:01:16 +0100 (CET)
ARC-Seal: i=1; a=rsa-sha256; t=1639555274; cv=none; d=zohomail.eu; s=zohoarc; 
 b=FJnwwU6I/aoIDBrWCBzeVhJNDsFtAqC6BacxVZOxnZ8JFb1WiyK4WknkDDrOMb4SbqvTm0KwGUiXUSpiX8xrJu6a+VQThkjk/MY5Apa9J+75evJiCX4KK4xWnBZq4ptyfkCf+69ojoiw1og0fH+rohsqO46Q+/WdQUqQkQlVrMo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.eu;
 s=zohoarc; t=1639555274;
 h=Content-Type:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To;
 bh=1jv8z5dbTF9S4m8zvAqeb04z3VeoKDy6EHyY8Z8V7W8=; 
 b=Uucyf1PmMYJE+UK24W8WMBiMFUDZh9xCl8Weu8+q8UaLbcWHe9+v1n4yvGFe6D5XSCo/B1pOBQg+Q09A8eVY92aLPdh3CdNeW0QSL6Aq7/gBJHuHsEwNI/04bWZwXwpKuijks4AiZDW0OYmA3ZymA445jNSUA8CkeNF51Ltw1M4=
ARC-Authentication-Results: i=1; mx.zohomail.eu;
 spf=pass  smtp.mailfrom=liangma@liangbit.com;
 dmarc=pass header.from=<liangma@liangbit.com>
Received: from C02GF04TMD6V
 (cpc145956-finc19-2-0-cust124.4-2.cable.virginm.net [82.25.6.125]) by
 mx.zoho.eu with SMTPS id 1639555270129459.2823755752421;
 Wed, 15 Dec 2021 09:01:10 +0100 (CET)
Date: Wed, 15 Dec 2021 08:01:07 +0000
From: Liang Ma <liangma@liangbit.com>
To: Zhihong Wang <wangzhihong.wzh@bytedance.com>
Cc: konstantin.ananyev@intel.com, honnappa.nagarahalli@arm.com,
 dev@dpdk.org, stable@dpdk.org
Subject: Re: [PATCH] ring: fix overflow in memory size calcuation
Message-ID: <Ybmgwyv4H+g0hCYw@C02GF04TMD6V>
References: <20211214033016.29927-1-wangzhihong.wzh@bytedance.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20211214033016.29927-1-wangzhihong.wzh@bytedance.com>
X-ZohoMailClient: External
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

On Tue, Dec 14, 2021 at 11:30:16AM +0800, Zhihong Wang wrote:
> Parameters count and esize are both unsigned int, and their product can
> legally exceed unsigned int and lead to runtime access violation.
> 
> Fixes: cc4b218790f6 ("ring: support configurable element size")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Zhihong Wang <wangzhihong.wzh@bytedance.com>
> ---
>  lib/ring/rte_ring.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
> index f17bd966be..d1b80597af 100644
> --- a/lib/ring/rte_ring.c
> +++ b/lib/ring/rte_ring.c
> @@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
>  		return -EINVAL;
>  	}
>  
> -	sz = sizeof(struct rte_ring) + count * esize;
> +	sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
>  	sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
>  	return sz;
>  }
> -- 
> 2.11.0
>
Reviewed-by Liang Ma <liangma@liangbit.com>