[dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members

Jerin Jacob jerinjacobk at gmail.com
Wed Mar 31 09:12:34 CEST 2021


On Wed, Mar 31, 2021 at 7:19 AM Wenwu Ma <wenwux.ma at intel.com> wrote:
>
> Before accessing the private data of mempool in
> function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
> it is necessary to determine whether the private data exists,
> otherwise it will cause null pointer access.
>
> Signed-off-by: Wenwu Ma <wenwux.ma at intel.com>
> ---
>  lib/librte_mbuf/rte_mbuf.h | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> index c4c9ebfaa..6c2559550 100644
> --- a/lib/librte_mbuf/rte_mbuf.h
> +++ b/lib/librte_mbuf/rte_mbuf.h
> @@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
>  {
>         struct rte_pktmbuf_pool_private *mbp_priv;
>
> +       if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
> +               return 0;

If mp->private_data_size updated in the slow path at mempool create
time, why not have this sanity check in the slow path?


> +
>         mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
>         return mbp_priv->mbuf_data_room_size;
>  }
> @@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
>  {
>         struct rte_pktmbuf_pool_private *mbp_priv;
>
> +       if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
> +               return 0;
> +
>         mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
>         return mbp_priv->mbuf_priv_size;
>  }
> --
> 2.25.1
>


More information about the dev mailing list