From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
gmuthukrishn@marvell.com, stable@dpdk.org
Subject: [PATCH v2 7/7] examples/fips_validation: avoid rte_memcpy() bug
Date: Tue, 30 Dec 2025 10:55:15 -0800 [thread overview]
Message-ID: <20251230185837.301163-8-stephen@networkplumber.org> (raw)
In-Reply-To: <20251230185837.301163-1-stephen@networkplumber.org>
The code for copying example hash key values was calling rte_memcpy
but rte_memcpy is generating vector instruction that references
past the array.
In function ‘get_hash_oid’,
inlined from ‘prepare_rsa_xform’ at ../examples/fips_validation/main.c:1607:12:
../examples/fips_validation/main.c:890:20: warning: array subscript ‘__m128i_u[0]’
is partly outside array bounds of ‘uint8_t[15]’ {aka ‘unsigned char[15]’} [-Warray-bounds=]
890 | id = id_sha1;
| ~~~^~~~~~~~~
../examples/fips_validation/main.c: In function ‘prepare_rsa_xform’:
../examples/fips_validation/main.c:882:17: note: object ‘id_sha1’ of size 15
882 | uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
Workaround is to replace rte_memcpy with memcpy.
Fixes: ae5ae3bf5996 ("examples/fips_validation: encode digest with hash OID")
Cc: gmuthukrishn@marvell.com
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
examples/fips_validation/main.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index f21826e9d7..daf273bc85 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -882,8 +882,8 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t *buf)
uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
0x00, 0x04, 0x14};
- uint8_t *id = NULL;
- int id_len = 0;
+ const uint8_t *id;
+ size_t id_len;
switch (hash) {
case RTE_CRYPTO_AUTH_SHA1:
@@ -907,12 +907,10 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t *buf)
id_len = sizeof(id_sha512);
break;
default:
- id_len = -1;
- break;
+ return -1;
}
- if (id != NULL)
- rte_memcpy(buf, id, id_len);
+ memcpy(buf, id, id_len);
return id_len;
}
@@ -1614,8 +1612,8 @@ prepare_rsa_xform(struct rte_crypto_asym_xform *xform)
if (b_len) {
msg.len = env.digest_len + b_len;
msg.val = rte_zmalloc(NULL, msg.len, 0);
- rte_memcpy(msg.val, b, b_len);
- rte_memcpy(msg.val + b_len, env.digest, env.digest_len);
+ memcpy(msg.val, b, b_len);
+ memcpy(msg.val + b_len, env.digest, env.digest_len);
rte_free(env.digest);
env.digest = msg.val;
env.digest_len = msg.len;
--
2.51.0
next prev parent reply other threads:[~2025-12-30 18:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20251228184300.541639-1-stephen@networkplumber.org>
2025-12-28 18:40 ` [PATCH 5/7] net/bnxt: fix uninitialized warning Stephen Hemminger
[not found] ` <20251230185837.301163-1-stephen@networkplumber.org>
2025-12-30 18:55 ` [PATCH v2 " Stephen Hemminger
2025-12-30 18:55 ` [PATCH v2 6/7] common/cnxk: fix array out of bounds Stephen Hemminger
2025-12-30 18:55 ` Stephen Hemminger [this message]
2026-01-05 4:21 ` [EXTERNAL] [PATCH v2 7/7] examples/fips_validation: avoid rte_memcpy() bug Gowrishankar Muthukrishnan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251230185837.301163-8-stephen@networkplumber.org \
--to=stephen@networkplumber.org \
--cc=dev@dpdk.org \
--cc=gmuthukrishn@marvell.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).