[EXT] [PATCH v2] graph: fix out of bounds access when re-allocate node objs
    Thomas Monjalon 
    thomas at monjalon.net
       
    Mon Oct 10 17:31:17 CEST 2022
    
    
  
> > For __rte_node_enqueue_prologue(), If the number of objs is more than the
> > node->size * 2, the extra objs will write out of bounds memory.
> > It should use __rte_node_stream_alloc_size() to request enough memory.
> > 
> > And for rte_node_next_stream_put(), it will re-allocate a small size, when the
> > node free space is small and new objs is less than the current
> > node->size. Some objs pointers behind new size may be lost. And it will
> > cause memory leak. It should request enough size of memory, containing the
> > original objs and new objs at least.
> > 
> > Fixes: 40d4f51403ec ("graph: implement fastpath routines")
> > 
> > Signed-off-by: Zhirun Yan <zhirun.yan at intel.com>
> > Signed-off-by: Cunming Liang <cunming.liang at intel.com>
> 
> Acked-by: Jerin Jacob <jerinj at marvell.com>
Applied, thanks.
    
    
More information about the dev
mailing list