* [dpdk-dev] [PATCH v2] eal: out-of-bounds write
@ 2016-04-27 11:29 Slawomir Mrozowicz
2016-06-08 14:33 ` Sergio Gonzalez Monroy
0 siblings, 1 reply; 2+ messages in thread
From: Slawomir Mrozowicz @ 2016-04-27 11:29 UTC (permalink / raw)
To: david.marchand; +Cc: dev, Slawomir Mrozowicz
Fix issue reported by Coverity.
Coverity ID 13282: Out-of-bounds write
overrun-local: Overrunning array mcfg->memseg of 256 44-byte elements
at element index 257 using index j.
Fixes: af75078fece3 ("first public release")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
---
lib/librte_eal/linuxapp/eal/eal_memory.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c
index 5b9132c..715bd52 100644
--- a/lib/librte_eal/linuxapp/eal/eal_memory.c
+++ b/lib/librte_eal/linuxapp/eal/eal_memory.c
@@ -1333,8 +1333,11 @@ rte_eal_hugepage_init(void)
if (new_memseg) {
j += 1;
- if (j == RTE_MAX_MEMSEG)
+ if (j >= RTE_MAX_MEMSEG) {
+ RTE_LOG(ERR, EAL,
+ "Failed: memseg reached RTE_MAX_MEMSEG\n");
break;
+ }
mcfg->memseg[j].phys_addr = hugepage[i].physaddr;
mcfg->memseg[j].addr = hugepage[i].final_va;
--
1.9.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dpdk-dev] [PATCH v2] eal: out-of-bounds write
2016-04-27 11:29 [dpdk-dev] [PATCH v2] eal: out-of-bounds write Slawomir Mrozowicz
@ 2016-06-08 14:33 ` Sergio Gonzalez Monroy
0 siblings, 0 replies; 2+ messages in thread
From: Sergio Gonzalez Monroy @ 2016-06-08 14:33 UTC (permalink / raw)
To: Slawomir Mrozowicz, david.marchand; +Cc: dev
I missed this patch at the time!
On 27/04/2016 12:29, Slawomir Mrozowicz wrote:
> Fix issue reported by Coverity.
>
> Coverity ID 13282: Out-of-bounds write
> overrun-local: Overrunning array mcfg->memseg of 256 44-byte elements
> at element index 257 using index j.
>
> Fixes: af75078fece3 ("first public release")
>
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---
> lib/librte_eal/linuxapp/eal/eal_memory.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c
> index 5b9132c..715bd52 100644
> --- a/lib/librte_eal/linuxapp/eal/eal_memory.c
> +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c
> @@ -1333,8 +1333,11 @@ rte_eal_hugepage_init(void)
>
> if (new_memseg) {
> j += 1;
> - if (j == RTE_MAX_MEMSEG)
> + if (j >= RTE_MAX_MEMSEG) {
> + RTE_LOG(ERR, EAL,
> + "Failed: memseg reached RTE_MAX_MEMSEG\n");
> break;
> + }
>
> mcfg->memseg[j].phys_addr = hugepage[i].physaddr;
> mcfg->memseg[j].addr = hugepage[i].final_va;
As Bruce was suggesting in his comment to the v1, it's more helpful to
do a check before the loop
and print a message distinguishing the error case, something along the
lines of: "all memsegs
used by ivshmem. Please either increase....", returning with -ENOMEM error.
Sergio
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-06-08 14:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-27 11:29 [dpdk-dev] [PATCH v2] eal: out-of-bounds write Slawomir Mrozowicz
2016-06-08 14:33 ` Sergio Gonzalez Monroy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).