[DPDK/ethdev Bug 1791] cnxk driver reference past requested xstat array
bugzilla at dpdk.org
bugzilla at dpdk.org
Tue Sep 23 16:05:45 CEST 2025
https://bugs.dpdk.org/show_bug.cgi?id=1791
Bug ID: 1791
Summary: cnxk driver reference past requested xstat array
Product: DPDK
Version: 25.07
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev at dpdk.org
Reporter: stephen at networkplumber.org
Target Milestone: ---
Because the cnxk driver ignores the limit arguement in some functions such as
xstat_names_get(). If the application asks for only some of the values in the
xstats then an out of bounds reference is possible.
Something like:
struct rte_esth_xstat_name names[20];
rte_eth_xstat_get_names(port_id, names, 20);
will cause out of bound array reference down here:
int
roc_nix_xstats_names_get(struct roc_nix *roc_nix,
struct roc_nix_xstat_name *xstats_names,
unsigned int limit)
{
struct nix *nix = roc_nix_to_nix_priv(roc_nix);
struct idev_cfg *idev = idev_get_cfg();
uint64_t i, count = 0;
PLT_SET_USED(limit);
for (i = 0; i < CNXK_NIX_NUM_TX_XSTATS; i++) {
NIX_XSTATS_NAME_PRINT(xstats_names, count, nix_tx_xstats, i);
count++;
}
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mails.dpdk.org/archives/dev/attachments/20250923/16bee90a/attachment.htm>
More information about the dev
mailing list