[DPDK/ethdev Bug 1791] cnxk driver reference past requested xstat array

bugzilla at dpdk.org bugzilla at dpdk.org
Tue Sep 23 16:05:45 CEST 2025


https://bugs.dpdk.org/show_bug.cgi?id=1791

            Bug ID: 1791
           Summary: cnxk driver reference past requested xstat array
           Product: DPDK
           Version: 25.07
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: ethdev
          Assignee: dev at dpdk.org
          Reporter: stephen at networkplumber.org
  Target Milestone: ---

Because the cnxk driver ignores the limit arguement in some functions such as
xstat_names_get(). If the application asks for only some of the values in the
xstats then an out of bounds reference is possible.

Something like:
  struct rte_esth_xstat_name names[20];

  rte_eth_xstat_get_names(port_id, names, 20);

will cause out of bound array reference down here:



int
roc_nix_xstats_names_get(struct roc_nix *roc_nix,
                         struct roc_nix_xstat_name *xstats_names,
                         unsigned int limit)
{
        struct nix *nix = roc_nix_to_nix_priv(roc_nix);
        struct idev_cfg *idev = idev_get_cfg();
        uint64_t i, count = 0;

        PLT_SET_USED(limit);

        for (i = 0; i < CNXK_NIX_NUM_TX_XSTATS; i++) {
                NIX_XSTATS_NAME_PRINT(xstats_names, count, nix_tx_xstats, i);
                count++;
        }

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mails.dpdk.org/archives/dev/attachments/20250923/16bee90a/attachment.htm>


More information about the dev mailing list