[dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free

[Zhang, Tianfei]

> -----Original Message-----
> From: dev <dev-bounces at dpdk.org> On Behalf Of Wei Huang
> Sent: 2020年10月30日 8:22
> To: dev at dpdk.org; Xu, Rosen <rosen.xu at intel.com>; Zhang, Qi Z
> <qi.z.zhang at intel.com>
> Cc: Huang, Wei <wei.huang at intel.com>
> Subject: [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free
> 
> In rte_fpga_do_pr, calling function read() may taints argument buffer which
> turn to an untrusted value as argumen of rte_free().
> 
> Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")

It is better add Coverity issue number , like "Coverity issue: xxxx ".
Missing “Cc: stable at dpdk.org”.
> 
> Signed-off-by: Wei Huang <wei.huang at intel.com>
> ---
> v2: add fixes information to log
> ---
>  drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/raw/ifpga/ifpga_rawdev.c
> b/drivers/raw/ifpga/ifpga_rawdev.c
> index f9de167..27129b1 100644
> --- a/drivers/raw/ifpga/ifpga_rawdev.c
> +++ b/drivers/raw/ifpga/ifpga_rawdev.c
> @@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
>  	int file_fd;
>  	int ret = 0;
>  	ssize_t buffer_size;
> -	void *buffer;
> +	void *buffer, *buf_to_free;
>  	u64 pr_error;
> 
>  	if (!file_name)
> @@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
>  		ret = -ENOMEM;
>  		goto close_fd;
>  	}
> +	buf_to_free = buffer;
> 
>  	/*read the raw data*/
>  	if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) { @@ -835,8
> +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
>  	}
> 
>  free_buffer:
> -	if (buffer)
> -		rte_free(buffer);
> +	if (buf_to_free)
> +		rte_free(buf_to_free);
>  close_fd:
>  	close(file_fd);
>  	file_fd = 0;
> --
> 2.7.3