[PATCH] eal: fix modify data area after memset
Dmitry Kozlyuk
dmitry.kozliuk at gmail.com
Sun Oct 22 22:22:34 CEST 2023
2023-09-22 16:12 (UTC+0800), Fengnan Chang:
> ping
>
> Fengnan Chang <changfengnan at bytedance.com> wrote on Tue, Sep 12, 2023 at 17:05:
> >
> > Let's look at this path:
> > malloc_elem_free
> > ->malloc_elem_join_adjacent_free
> > ->join_elem(elem, elem->next)
> >
> > 0. cur elem's pad > 0
> > 1. data area memset in malloc_elem_free first.
> > 2. next elem is free, try to join cur elem and next.
> > 3. in join_elem, try to modify inner->size, this address had been
> > memset in step 1, it causes the content of the address to become non-zero.
> >
> > If the user calls rte_zmalloc and picks this elem, it can't get all
> > zero'd memory.
malloc_elem_join_adjacent_free() always calls memset() after join_elem(),
for the next and the previous element respectively.
How to reproduce this bug?
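
The ordering question in this thread, as an added toy model (not DPDK code and not from either author): a header write at `elem + pad` during a join leaves non-zero bytes in the data area only if the clearing memset ran before the join. The `{size, pad}` header layout, the region sizes and all function names here are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (not DPDK code): an element header is {size, pad}; a padded
 * element keeps a second, inner header at offset `pad` from the outer one. */
#define REGION 256                   /* constructed sizes */
#define CUR    128                   /* element being freed */
#define PAD    64                    /* its pad, > 0 as in step 0 */
#define HDR    (2 * sizeof(size_t))  /* outer header length */

static unsigned char region[REGION];

static void put_size(size_t off, size_t v) { memcpy(region + off, &v, sizeof v); }

/* Step 3: merge with the free neighbour and update inner->size. */
static size_t join_next(size_t size, size_t pad, size_t next_size)
{
    size += next_size;
    put_size(0, size);
    if (pad)
        put_size(pad, size - pad);   /* lands inside the data area */
    return size;
}

/* Free the element with the chosen ordering and return how many non-zero
 * bytes a later zeroed allocation from this space would observe. */
size_t dirty_after_free(int zero_after_join)
{
    size_t size = CUR, dirty = 0;

    memset(region, 0, REGION);               /* neighbour is free and clean */
    memset(region + HDR, 0xAA, CUR - HDR);   /* stale user data */
    put_size(0, size);

    if (!zero_after_join)
        memset(region + HDR, 0, size - HDR); /* step 1 before step 3 */
    size = join_next(size, PAD, REGION - CUR);
    if (zero_after_join)
        memset(region + HDR, 0, size - HDR); /* clear the joined element */

    for (size_t i = HDR; i < REGION; i++)
        dirty += region[i] != 0;
    return dirty;
}

int main(void)
{
    printf("zero then join: %zu dirty byte(s)\n", dirty_after_free(0));
    printf("join then zero: %zu dirty byte(s)\n", dirty_after_free(1));
    return 0;
}
```

A regression test against a real allocator would follow the same shape: free a padded element next to a free neighbour, request zeroed memory of the joined size, and scan it for non-zero bytes.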