[dpdk-dev] Unsafe array accesses in rte_sched.c
Dumitrescu, Cristian
cristian.dumitrescu at intel.com
Fri Oct 16 15:39:39 CEST 2015
> -----Original Message-----
> From: Simon Kågström [mailto:simon.kagstrom at netinsight.net]
> Sent: Friday, October 16, 2015 9:49 AM
> To: Dumitrescu, Cristian <cristian.dumitrescu at intel.com>; dev at dpdk.org
> Subject: Unsafe array accesses in rte_sched.c
>
> Hi!
>
> I'm investigating DPDK support for pacing output streams and trying to
> understand the QoS framework. However, I quickly found some instances of
> unsafe array accesses. E.g., the rte_sched_port_config_qsize function
> looks like this:
>
> static void
> rte_sched_port_config_qsize(struct rte_sched_port *port)
> {
> /* TC 0 */
> port->qsize_add[0] = 0;
> port->qsize_add[1] = port->qsize_add[0] + port->qsize[0];
> port->qsize_add[2] = port->qsize_add[1] + port->qsize[0];
> port->qsize_add[3] = port->qsize_add[2] + port->qsize[0];
>
> [...]
>
> /* TC 3 */
> port->qsize_add[12] = port->qsize_add[11] + port->qsize[2];
> port->qsize_add[13] = port->qsize_add[12] + port->qsize[3];
> port->qsize_add[14] = port->qsize_add[13] + port->qsize[3];
> port->qsize_add[15] = port->qsize_add[14] + port->qsize[3];
>
> port->qsize_sum = port->qsize_add[15] + port->qsize[3];
> }
>
> but port->qsize is actually defined as
>
> uint16_t qsize[RTE_SCHED_TRAFFIC_CLASSES_PER_PIPE];
>
Not sure what you see "unsafe" here: qsize is an array of 4 elements, while qsize_add is a different array of 16 elements? Please explain.
> There are similar problems in rte_sched_port_log_pipe_profile() and
> probably other places.
>
>
> I don't understand the code well enough to send patches for these,
> although the fixes should be fairly trivial. Perhaps this is already
> known as it should be fairly easy to trigger with static checkers?
>
> // Simon
More information about the dev
mailing list