[dpdk-dev] [DPDK] drivers/net: fix dereference after null check coverity

[Zhang, Xiao]

> -----Original Message-----
> From: Stephen Hemminger [mailto:stephen at networkplumber.org]
> Sent: Monday, July 15, 2019 12:06 PM
> To: Zhang, Xiao <xiao.zhang at intel.com>
> Cc: dev at dpdk.org; Zhang, Qi Z <qi.z.zhang at intel.com>; Wang, Xiao W
> <xiao.w.wang at intel.com>; Xing, Beilei <beilei.xing at intel.com>; Lu, Wenzhuo
> <wenzhuo.lu at intel.com>; Yang, Qiming <qiming.yang at intel.com>; Ananyev,
> Konstantin <konstantin.ananyev at intel.com>; Wu, Jingjing
> <jingjing.wu at intel.com>
> Subject: Re: [dpdk-dev] [DPDK] drivers/net: fix dereference after null check
> coverity
> 
> On Sat, 13 Jul 2019 00:39:47 +0800
> Xiao Zhang <xiao.zhang at intel.com> wrote:
> 
> > This patch tries to fix the coverity issues of dereference after null
> > check.
> >
> > Coverity issue: 343452
> > Coverity issue: 343447
> > Coverity issue: 343422
> > Coverity issue: 343416
> > Coverity issue: 343407
> > Coverity issue: 343403
> > Coverity issue: 13245
> >
> > Signed-off-by: Xiao Zhang <xiao.zhang at intel.com>
> 
> I think this should be fixed deeper in the vector code.
> 
> Example for ixgbe.
> 
> 
> static inline uint16_t
> reassemble_packets(struct ixgbe_rx_queue *rxq, struct rte_mbuf **rx_bufs,
> 		   uint16_t nb_bufs, uint8_t *split_flags) {
> 	struct rte_mbuf *pkts[nb_bufs]; /*finished pkts*/
> 	struct rte_mbuf *start = rxq->pkt_first_seg;
> 
> So start is rxq->pkt_first_seg.
> 
> But caller has already checked for NULL here.
> It has iterated across the first packets but not updated rxq->first_seg.

Yes, this seems to be a bug but not a coverity issue. I will fix it.

> 	if (rxq->pkt_first_seg == NULL) {
> 		/* find the first split flag, and only reassemble then*/
> 		while (i < nb_bufs && !split_flags[i])
> 			i++;
> 		if (i == nb_bufs)
> 			return nb_bufs;
> 	}
> 	return i + reassemble_packets(rxq, &rx_pkts[i], nb_bufs - i,