[PATCH v5 2/6] net/nfb: fix bad pointer access in queue stats

Stephen Hemminger stephen at networkplumber.org
Tue Feb 10 01:51:09 CET 2026


On Mon,  2 Feb 2026 20:33:26 +0100
spinler at cesnet.cz wrote:

> From: Martin Spinler <spinler at cesnet.cz>
> 
> The driver code has dereferenced the dev->data->rx_queues pointer
> without checking for its validity.
> Pointer invalidation can occur when the eth_dev_rx_queue_config
> is called with set to 0, for example.
> 
> Moreover, an array of pointers (to a structure) was used like an array
> of structures (which worked with early dereference just for one queue).
> 
> Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Martin Spinler <spinler at cesnet.cz>
> ---

AI found this potential issue:

ERRORS (Must Fix)
Patch 26: net/nfb: fix bad pointer access in queue stats

NULL pointer dereference risk

In nfb_eth_stats_get() and nfb_eth_stats_reset(), the patch correctly fixes the array-of-pointers vs array-of-structures bug, but introduces a new issue: it dereferences dev->data->rx_queues[i] and dev->data->tx_queues[i] without NULL checks.

The queues array can contain NULL pointers if a queue is not configured. The original buggy code had an early dereference that would have caught this, but the fixed version will crash on the first access to rx_queue->rx_pkts if the queue pointer is NULL.


I added a simple check, since fixing it takes less time than another patch cycle...
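The two defects discussed in this thread (a pointer array indexed as if it were a structure array, and per-queue slots that may be NULL) can be shown in a stand-alone sketch. This is an added example, not code from the patch or from the nfb driver: `struct rxq`, `struct dev_data` and `sum_rx_pkts` are hypothetical stand-ins, only the field names `rx_queues` and `rx_pkts` come from the thread, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's per-queue and device data. */
struct rxq { uint64_t rx_pkts; };
struct dev_data { void **rx_queues; uint16_t nb_rx_queues; };

/* Pattern the commit message describes as wrong (sketch, not driver code):
 *     struct rxq *q = *(struct rxq **)d->rx_queues;   // early dereference
 *     total += q[i].rx_pkts;                          // struct-array indexing
 * q[i] reads at slot 0's address plus i * sizeof(struct rxq), which is the
 * right object only for i == 0, and the early dereference faults as soon as
 * rx_queues itself is NULL. */

/* Corrected pattern: load each slot from the pointer array and skip slots
 * that are not configured. Returns the number of queues counted. */
uint16_t sum_rx_pkts(const struct dev_data *d, uint64_t *total)
{
    uint16_t counted = 0;

    *total = 0;
    if (d->rx_queues == NULL)          /* array released, e.g. 0 queues */
        return 0;
    for (uint16_t i = 0; i < d->nb_rx_queues; i++) {
        const struct rxq *q = d->rx_queues[i];
        if (q == NULL)                 /* queue slot never set up */
            continue;
        *total += q->rx_pkts;
        counted++;
    }
    return counted;
}

int main(void)
{
    /* Constructed sample: three slots, the middle one unconfigured. */
    struct rxq q0 = { 5 }, q2 = { 7 };
    void *slots[3] = { &q0, NULL, &q2 };
    struct dev_data d = { slots, 3 };
    uint64_t total;
    uint16_t n = sum_rx_pkts(&d, &total);

    printf("queues counted: %u, rx_pkts: %llu\n",
           (unsigned)n, (unsigned long long)total);
    return 0;
}
```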

