[PATCH 3/4] bus/pci/bsd: Eliminate potential overflow

Jake Freeland jfree at FreeBSD.org
Tue May 6 19:40:43 CEST 2025

Previous message (by thread): [PATCH 2/4] bus/pci/bsd: Map resources at EAL baseaddr
Next message (by thread): [PATCH 3/4] bus/pci/bsd: Eliminate potential overflow
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When calling rte_pci_write_config(), use memcpy(3) to copy @len bytes
of @buf into local memory instead of casting it to a uint32_t pointer
and dereferencing it. This prevents us from reading data outside of
@buf in the case that @buf has a length less than 32 bits.

Signed-off-by: Jake Freeland <jfree at FreeBSD.org>
---
 drivers/bus/pci/bsd/pci.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/bus/pci/bsd/pci.c b/drivers/bus/pci/bsd/pci.c
index 0581daf130..c64cd2c86c 100644
--- a/drivers/bus/pci/bsd/pci.c
+++ b/drivers/bus/pci/bsd/pci.c
@@ -467,7 +467,6 @@ int rte_pci_write_config(const struct rte_pci_device *dev,
 			.pc_func = dev->addr.function,
 		},
 		.pi_reg = offset,
-		.pi_data = *(const uint32_t *)buf,
 		.pi_width = len,
 	};
 
@@ -476,7 +475,7 @@ int rte_pci_write_config(const struct rte_pci_device *dev,
 		goto error;
 	}
 
-	memcpy(&pi.pi_data, buf, len);
+	memcpy(&pi.pi_data, buf, MIN(len, sizeof(pi.pi_data)));
 
 	fd = open("/dev/pci", O_RDWR);
 	if (fd < 0) {
-- 
2.47.2

Previous message (by thread): [PATCH 2/4] bus/pci/bsd: Map resources at EAL baseaddr
Next message (by thread): [PATCH 3/4] bus/pci/bsd: Eliminate potential overflow
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list