[dpdk-dev] [PATCH v2 04/10] net/atlantic: fix buffer overflow
Igor Russkikh
Igor.Russkikh at aquantia.com
Sat Mar 9 15:03:30 CET 2019
From: Pavel Belous <Pavel.Belous at aquantia.com>
Found by Coverity scan. This is a real memory corruption.
There is no need in extra RTE_ALIGN macros since the
request/result structures are 4-byte aligned by definition.
Cc: stable at dpdk.org
Fixes: ce4e8d418097 ("net/atlantic: implement EEPROM get/set")
Signed-off-by: Igor Russkikh <igor.russkikh at aquantia.com>
Signed-off-by: Pavel Belous <Pavel.Belous at aquantia.com>
---
drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
index 6841d9bce39c..f90ccfe9e010 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
@@ -501,7 +501,7 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
/* Write SMBUS request to cfg memory */
err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
(u32 *)(void *)&request,
- RTE_ALIGN(sizeof(request), sizeof(u32)));
+ sizeof(request) / sizeof(u32));
if (err < 0)
return err;
@@ -523,7 +523,7 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
&result,
- RTE_ALIGN(sizeof(result), sizeof(u32)));
+ sizeof(result) / sizeof(u32));
if (err < 0)
return err;
@@ -558,7 +558,7 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
/* Write SMBUS request to cfg memory */
err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
(u32 *)(void *)&request,
- RTE_ALIGN(sizeof(request), sizeof(u32)));
+ sizeof(request) / sizeof(u32));
if (err < 0)
return err;
@@ -589,7 +589,7 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
/* Read status of write operation */
err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
&result,
- RTE_ALIGN(sizeof(result), sizeof(u32)));
+ sizeof(result) / sizeof(u32));
if (err < 0)
return err;
--
2.17.1
More information about the dev
mailing list