From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 452A1468AE;
	Mon, 16 Jun 2025 16:41:23 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id D6E21402BC;
	Mon, 16 Jun 2025 16:41:22 +0200 (CEST)
Received: from inbox.dpdk.org (inbox.dpdk.org [95.142.172.178])
 by mails.dpdk.org (Postfix) with ESMTP id 77B8C402B5
 for <dev@dpdk.org>; Mon, 16 Jun 2025 16:41:21 +0200 (CEST)
Received: by inbox.dpdk.org (Postfix, from userid 33)
 id 57150468C1; Mon, 16 Jun 2025 16:41:21 +0200 (CEST)
From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [DPDK/core Bug 1724] test_pktmbuf_read_from_offset tests for
 incorrect overflow behaviour of rte_pktmbuf_read
Date: Mon, 16 Jun 2025 14:41:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: DPDK
X-Bugzilla-Component: core
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: minor
X-Bugzilla-Who: marat.khalili@huawei.com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: dev@dpdk.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 target_milestone
Message-ID: <bug-1724-3@http.bugs.dpdk.org/>
Content-Type: multipart/alternative; boundary=17500848810.7B7D0.1549279
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://bugs.dpdk.org/
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
MIME-Version: 1.0
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org


--17500848810.7B7D0.1549279
Date: Mon, 16 Jun 2025 16:41:21 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://bugs.dpdk.org/
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All

https://bugs.dpdk.org/show_bug.cgi?id=3D1724

            Bug ID: 1724
           Summary: test_pktmbuf_read_from_offset tests for incorrect
                    overflow behaviour of rte_pktmbuf_read
           Product: DPDK
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: minor
          Priority: Normal
         Component: core
          Assignee: dev@dpdk.org
          Reporter: marat.khalili@huawei.com
  Target Milestone: ---

Test function test_pktmbuf_read_from_offset as one of its checks
surprisingly verifies that the following call succeeds even though
rte_pktmbuf_read never guarantees this behaviour in its documentation:

    rte_pktmbuf_read(m, hdr_len, UINT_MAX, NULL);

The reason this call succeeds is due to 32-bit unsigned integer
overflow, but it is unlikely that this behaviour is intentional and
needs testing. It is very likely instead that the check condition was
reversed by mistake. Other similar calls that follow are being correctly
verified as failing. And, there were no checks of valid offset and
excessive length combinations that would cause the call to fail.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

--17500848810.7B7D0.1549279
Date: Mon, 16 Jun 2025 16:41:21 +0200
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://bugs.dpdk.org/
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All

<html>
    <head>
      <base href=3D"https://bugs.dpdk.org/">
    </head>
    <body><table border=3D"1" cellspacing=3D"0" cellpadding=3D"8" class=3D"=
bz_new_table">
        <tr>
          <th>Bug ID</th>
          <td><a class=3D"bz_bug_link=20
          bz_status_UNCONFIRMED "
   title=3D"UNCONFIRMED - test_pktmbuf_read_from_offset tests for incorrect=
 overflow behaviour of rte_pktmbuf_read"
   href=3D"https://bugs.dpdk.org/show_bug.cgi?id=3D1724">1724</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>test_pktmbuf_read_from_offset tests for incorrect overflow be=
haviour of rte_pktmbuf_read
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>DPDK
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>UNCONFIRMED
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>minor
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>core
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dev&#64;dpdk.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>marat.khalili&#64;huawei.com
          </td>
        </tr>

        <tr>
          <th>Target Milestone</th>
          <td>---
          </td>
        </tr></table>
      <p>
        <div class=3D"bz_comment_block">
          <pre class=3D"bz_comment_text">Test function test_pktmbuf_read_fr=
om_offset as one of its checks
surprisingly verifies that the following call succeeds even though
rte_pktmbuf_read never guarantees this behaviour in its documentation:

    rte_pktmbuf_read(m, hdr_len, UINT_MAX, NULL);

The reason this call succeeds is due to 32-bit unsigned integer
overflow, but it is unlikely that this behaviour is intentional and
needs testing. It is very likely instead that the check condition was
reversed by mistake. Other similar calls that follow are being correctly
verified as failing. And, there were no checks of valid offset and
excessive length combinations that would cause the call to fail.
          </pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
      <div itemscope itemtype=3D"http://schema.org/EmailMessage">
        <div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/Vi=
ewAction">
=20=20=20=20=20=20=20=20=20=20
          <link itemprop=3D"url" href=3D"https://bugs.dpdk.org/show_bug.cgi=
?id=3D1724">
          <meta itemprop=3D"name" content=3D"View bug">
        </div>
        <meta itemprop=3D"description" content=3D"Bugzilla bug update notif=
ication">
      </div>
    </body>
</html>=

--17500848810.7B7D0.1549279--