[PATCH 02/11] net/enetfec: fix out-of-bounds access in UIO mapping

Hemant Agrawal hemant.agrawal at nxp.com
Mon Oct 6 10:04:01 CEST 2025

Previous message (by thread): [PATCH 01/11] net/enetfec: fix file descriptor leak on read error
Next message (by thread): [PATCH 03/11] net/enetfec: fix buffer descriptor size configuration
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Vanshika Shukla <vanshika.shukla at nxp.com>

NXP internal Coverity flagged a potential out-of-bounds
access due to invalid mapping size. This patch adds a check to
ensure the mapping size is within valid bounds before proceeding
with memory mapping.

Fixes: b84fdd39638b ("net/enetfec: support UIO")
Cc: stable at dpdk.org

Signed-off-by: Vanshika Shukla <vanshika.shukla at nxp.com>
---
 drivers/net/enetfec/enet_uio.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/net/enetfec/enet_uio.c b/drivers/net/enetfec/enet_uio.c
index 23cb4e7e93..f32d5e1b1e 100644
--- a/drivers/net/enetfec/enet_uio.c
+++ b/drivers/net/enetfec/enet_uio.c
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2021,2024 NXP
+ * Copyright 2021,2024-2025 NXP
  */
 
 #include <stdbool.h>
@@ -142,6 +142,10 @@ uio_map_mem(int uio_device_fd, int uio_device_id,
 	}
 	/* Read mapping size and physical address expressed in hexa(base 16) */
 	uio_map_size = strtol(uio_map_size_str, NULL, 16);
+	if (uio_map_size <= 0 || uio_map_size > INT_MAX) {
+		ENETFEC_PMD_ERR("Invalid mapping size: %u.", uio_map_size);
+		return NULL;
+	}
 	uio_map_p_addr = strtol(uio_map_p_addr_str, NULL, 16);
 
 	if (uio_map_id == 0) {
-- 
2.25.1

Previous message (by thread): [PATCH 01/11] net/enetfec: fix file descriptor leak on read error
Next message (by thread): [PATCH 03/11] net/enetfec: fix buffer descriptor size configuration
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list