[dpdk-dev] [PATCH v3] eal: out-of-bounds write
Slawomir Mrozowicz
slawomirx.mrozowicz at intel.com
Tue Jun 14 11:02:36 CEST 2016
Overrunning array mcfg->memseg of 256 44-byte elements
at element index 257 using index j.
Fixed by add condition with message information.
Fixes: af75078fece3 ("first public release")
Coverity ID 13282
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz at intel.com>
---
lib/librte_eal/linuxapp/eal/eal_memory.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c
index 5b9132c..6a2daf5 100644
--- a/lib/librte_eal/linuxapp/eal/eal_memory.c
+++ b/lib/librte_eal/linuxapp/eal/eal_memory.c
@@ -1301,6 +1301,15 @@ rte_eal_hugepage_init(void)
break;
}
+ if (j >= RTE_MAX_MEMSEG) {
+ RTE_LOG(ERR, EAL,
+ "Failed: all memsegs used by ivshmem.\n"
+ "Current %d is not enough.\n"
+ "Please either increase the RTE_MAX_MEMSEG\n",
+ RTE_MAX_MEMSEG);
+ return -ENOMEM;
+ }
+
for (i = 0; i < nr_hugefiles; i++) {
new_memseg = 0;
@@ -1333,8 +1342,14 @@ rte_eal_hugepage_init(void)
if (new_memseg) {
j += 1;
- if (j == RTE_MAX_MEMSEG)
- break;
+ if (j >= RTE_MAX_MEMSEG) {
+ RTE_LOG(ERR, EAL,
+ "Failed: all memsegs used by ivshmem.\n"
+ "Current %d is not enough.\n"
+ "Please either increase the RTE_MAX_MEMSEG\n",
+ RTE_MAX_MEMSEG);
+ return -ENOMEM;
+ }
mcfg->memseg[j].phys_addr = hugepage[i].physaddr;
mcfg->memseg[j].addr = hugepage[i].final_va;
--
1.9.1
More information about the dev
mailing list