From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 40722A09F0;
	Thu, 17 Dec 2020 09:27:44 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 7FF51C9CE;
	Thu, 17 Dec 2020 09:27:41 +0100 (CET)
Received: from inbox.dpdk.org (xvm-172-178.dc0.ghst.net [95.142.172.178])
 by dpdk.org (Postfix) with ESMTP id 64CA7C9C2
 for <dev@dpdk.org>; Thu, 17 Dec 2020 09:27:38 +0100 (CET)
Received: by inbox.dpdk.org (Postfix, from userid 33)
 id 323D6A09F1; Thu, 17 Dec 2020 09:27:38 +0100 (CET)
From: bugzilla@dpdk.org
To: dev@dpdk.org
Date: Thu, 17 Dec 2020 08:27:37 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: DPDK
X-Bugzilla-Component: ethdev
X-Bugzilla-Version: 20.08
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: zhihongx.peng@intel.com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: dev@dpdk.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 target_milestone
Message-ID: <bug-603-3@http.bugs.dpdk.org/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://bugs.dpdk.org/
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
MIME-Version: 1.0
Subject: [dpdk-dev] [Bug 603] The variable
 drivers/regex/octeontx2/otx2_regexdev.c: pci_id_ree_table is not
 initialized, which will cause the global variable to overflow, which is a
 security risk.
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

https://bugs.dpdk.org/show_bug.cgi?id=603

            Bug ID: 603
           Summary: The variable drivers/regex/octeontx2/otx2_regexdev.c:
                    pci_id_ree_table is not initialized, which will cause
                    the global variable to overflow, which is a security
                    risk.
           Product: DPDK
           Version: 20.08
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: ethdev
          Assignee: dev@dpdk.org
          Reporter: zhihongx.peng@intel.com
  Target Milestone: ---

pci_id_ree_table needs to be initialized as:
static struct rte_pci_id pci_id_ree_table[] = {
	{ RTE_PCI_DEVICE(PCI_VENDOR_ID_CAVIUM, PCI_DEVID_OCTEONTX2_RVU_REE_PF) },
	{ .vendor_id = 0, /* sentinel */ },
};

Test steps:
1. Compile with the option -Db_sanitize=address
CC=gcc meson --werror -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug \
    -Db_sanitize=address --default-library=static x86_64-native-linuxapp-gcc

ninja -C x86_64-native-linuxapp-gcc -j 55

2. Start dpdk-testpmd
./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0x6 -n 4 -- -i
3. A global-buffer-overflow is reported:
==42285==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5585c5a18e70 at pc 0x5585c05b0c2d bp 0x7fff3eafa280 sp 0x7fff3eafa270
READ of size 2 at 0x5585c5a18e70 thread T0
#0 0x5585c05b0c2c in rte_pci_match ../drivers/bus/pci/pci_common.c:132
#1 0x5585c05b0c8c in rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:177
#2 0x5585c05b19c0 in pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:318
#3 0x5585c05b1a67 in pci_probe ../drivers/bus/pci/pci_common.c:345
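
Added example, not part of the original report and not DPDK code: a bounded version of a sentinel-terminated ID-table walk, showing where a table without the vendor_id 0 entry runs out of declared elements. The struct, the sample IDs, both tables and the helper names are assumptions made for illustration; it assumes the matcher stops at the first entry whose vendor_id is 0, as the sentinel comment in the report implies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for DPDK's struct rte_pci_id (assumption: two fields). */
struct pci_id { uint16_t vendor_id, device_id; };

#define SAMPLE_VENDOR 0x1234 /* constructed values, not real PCI IDs */
#define SAMPLE_DEVICE 0x5678
#define NELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Assumed shape of the reported defect: no terminating entry. */
static const struct pci_id table_unterminated[] = {
	{ SAMPLE_VENDOR, SAMPLE_DEVICE },
};

/* Shape the report asks for: the last entry has vendor_id 0. */
static const struct pci_id table_terminated[] = {
	{ SAMPLE_VENDOR, SAMPLE_DEVICE },
	{ .vendor_id = 0 }, /* sentinel */
};

/* 1 if the last declared entry is the sentinel; usable in a unit test. */
int table_is_terminated(const struct pci_id *t, size_t n)
{
	return n > 0 && t[n - 1].vendor_id == 0;
}

/* Sentinel walk bounded by n: 1 = match, 0 = sentinel reached, -1 = ran out
 * of declared entries (where an unbounded loop reads past the array). */
int match_bounded(const struct pci_id *t, size_t n, uint16_t ven, uint16_t dev)
{
	for (size_t i = 0; i < n; i++) {
		if (t[i].vendor_id == 0)
			return 0;
		if (t[i].vendor_id == ven && t[i].device_id == dev)
			return 1;
	}
	return -1;
}

int main(void)
{
	printf("unterminated: %d\n", match_bounded(table_unterminated,
	       NELEMS(table_unterminated), 0x1111, 0x2222));
	printf("terminated:   %d\n", match_bounded(table_terminated,
	       NELEMS(table_terminated), 0x1111, 0x2222));
	return 0;
}
```

The -1 result only appears for a device that does not match any entry, which is why the missing sentinel can go unnoticed until a sanitizer build probes a non-matching device.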
