[dpdk-dev] [PATCH] xstats: fix behavior when a null array is provided

Olivier Matz olivier.matz at 6wind.com
Mon Apr 4 17:45:18 CEST 2016


Coverity reports an issue in ethdev:

  *** CID 124562:  Null pointer dereferences  (FORWARD_NULL)
  /lib/librte_ether/rte_ethdev.c: 1518 in rte_eth_xstats_get()
  1512
  1513		/* global stats */
  1514     	for (i = 0; i < RTE_NB_STATS; i++) {
  1515     	    stats_ptr = RTE_PTR_ADD(&eth_stats,
  1516
  rte_stats_strings[i].offset);
  1517			val = *stats_ptr;
  >>>     CID 124562:  Null pointer dereferences  (FORWARD_NULL)
  >>>     Dereferencing null pointer "xstats".
  1518     	      	   snprintf(xstats[count].name,
  sizeof(xstats[count].name),
  1519				"%s", rte_stats_strings[i].name);
  1520     			      xstats[count++].value = val;
  1521     			      }
  1522
  1523		/* per-rxq stats */

If a user calls rte_eth_xstats_get(portid, NULL, n) with n != 0,
it may result in a crash. Although the API documentation says that
n is the size of the table and xstats can be NULL if n == 0, we
can add an additional check here to make Coverity happy.

In that case, the return value is the same than when n == 0 is
passed, it returns the number of statistics.

Fixes: ce757f5c9a ("ethdev: new method to retrieve extended statistics")
Signed-off-by: Olivier Matz <olivier.matz at 6wind.com>
---
 lib/librte_ether/rte_ethdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
index 76a30fd..60d2573 100644
--- a/lib/librte_ether/rte_ethdev.c
+++ b/lib/librte_ether/rte_ethdev.c
@@ -1503,7 +1503,7 @@ rte_eth_xstats_get(uint8_t port_id, struct rte_eth_xstats *xstats,
 			return xcount;
 	}
 
-	if (n < count + xcount)
+	if (n < count + xcount || xstats == NULL)
 		return count + xcount;
 
 	/* now fill the xstats structure */
-- 
2.1.4



More information about the dev mailing list