[dpdk-dev] [PATCH] mem: fix possible memzone integer overflow
thomas.monjalon at 6wind.com
Mon Jun 20 10:57:59 CEST 2016
2016-06-14 19:07, Sergio Gonzalez Monroy:
> It is possible to get an integer overflow if we try to reserve a memzone
> with len = 0 (meaning the maximum contiguous space available) and the
> maximum available elem size is less than (MALLOC_ELEM_OVERHEAD + align).
> Issue reported by Coverity:
> >>> 10. overflow: Subtract operation overflows on operands len and
> >>> 64UL.
> >>> CID 107111 (#1 of 1): Overflowed return value (INTEGER_OVERFLOW)
> >>> 11. overflow_sink: Overflowed or truncated value (or a value
> >>> computed from an overflowed or truncated value)
> >>> len - 64UL - align used as return value.
> 122 return len - MALLOC_ELEM_OVERHEAD - align;
> Fixes: fafcc11985a2 ("mem: rework memzone to be allocated by malloc")
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
More information about the dev