[dpdk-dev] [PATCH] bonding: fix overflow check

[Ferruh Yigit]

On 4/22/2021 10:22 AM, Min Hu (Connor) wrote:
> Buffer 'test_params->slave_port_ids' of size 6 accessed may
> overflow, since its index 'i' can have value be is out of range.
> 
> This patch fixed it.
> 
> Fixes: 92073ef961ee ("bond: unit tests")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Min Hu (Connor) <humin29 at huawei.com>
> ---
>  app/test/test_link_bonding.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c
> index 8a5c831..b5a6042 100644
> --- a/app/test/test_link_bonding.c
> +++ b/app/test/test_link_bonding.c
> @@ -2216,7 +2216,8 @@ test_activebackup_rx_burst(void)
>  			"failed to get primary slave for bonded port (%d)",
>  			test_params->bonded_port_id);
>  
> -	for (i = 0; i < test_params->bonded_slave_count; i++) {
> +	for (i = 0; i < test_params->bonded_slave_count &&
> +		i < TEST_MAX_NUMBER_OF_PORTS; i++) {
>  		/* Generate test bursts of packets to transmit */
>  		TEST_ASSERT_EQUAL(generate_test_burst(
>  				&gen_pkt_burst[0], burst_size, 0, 1, 0, 0, 0),
> 

Hi Connor,

There is nothing wrong with the check you add, but at first place how
'test_params->bonded_slave_count' can become bigger than
'TEST_MAX_NUMBER_OF_PORTS'? Should we fix there, instead of this loop?

Also in same function, there are a few more loops iterate until " <
test_params->bonded_slave_count", so fixing the root case works for them too.