patch 'pcapng: use malloc instead of fixed buffer size' has been queued to stable release 25.11.1
Kevin Traynor
ktraynor at redhat.com
Thu Feb 26 14:10:28 CET 2026
Hi,
FYI, your patch has been queued to stable release 25.11.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/02/26. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable
This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/97863ba094ba5ff8fd45f399ccc8585e409fa376
Thanks.
Kevin
---
>From 97863ba094ba5ff8fd45f399ccc8585e409fa376 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Mon, 16 Feb 2026 13:38:01 -0800
Subject: [PATCH] pcapng: use malloc instead of fixed buffer size
[ upstream commit edd9b971f7781390e050d4d2f54656ec8e98bbc1 ]
The administrative APIs accept comments and other metadata as
strings. Since these strings can be arbitrarily long (up to
UINT16_MAX bytes), they may overflow the fixed-size stack buffers
previously used for block construction.
Replace the fixed-size buffers with dynamically allocated memory
sized to the actual block length. Return appropriate error codes
on allocation failure.
Bugzilla ID: 1820
Fixes: 8d23ce8f5ee9 ("pcapng: add new library for writing pcapng files")
Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
lib/pcapng/rte_pcapng.c | 51 ++++++++++++++++++++++++++---------------
lib/pcapng/rte_pcapng.h | 1 +
2 files changed, 34 insertions(+), 18 deletions(-)
diff --git a/lib/pcapng/rte_pcapng.c b/lib/pcapng/rte_pcapng.c
index 2cc9e2040d..69ff07a62e 100644
--- a/lib/pcapng/rte_pcapng.c
+++ b/lib/pcapng/rte_pcapng.c
@@ -35,7 +35,4 @@
#define PCAPNG_MBPS_SPEED 1000000ull
-/* upper bound for section, stats and interface blocks (in uint32_t) */
-#define PCAPNG_BLKSIZ (2048 / sizeof(uint32_t))
-
/* Format of the capture file handle */
struct rte_pcapng {
@@ -146,6 +143,7 @@ pcapng_section_block(rte_pcapng_t *self,
struct pcapng_section_header *hdr;
struct pcapng_option *opt;
- uint32_t buf[PCAPNG_BLKSIZ];
+ uint32_t *buf;
uint32_t len;
+ ssize_t ret;
len = sizeof(*hdr);
@@ -163,6 +161,7 @@ pcapng_section_block(rte_pcapng_t *self,
len += sizeof(uint32_t);
- if (len > sizeof(buf))
- return -1;
+ buf = malloc(len);
+ if (buf == NULL)
+ return -ENOMEM;
hdr = (struct pcapng_section_header *)buf;
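Review bot: `malloc(len)` is only as safe as the `len` computed above this hunk, and on this branch the metadata strings do not appear to be length-checked before they reach pcapng_section_block. The comparison diff at the end of this mail shows upstream context lines `#define PCAPNG_STR_MAX UINT16_MAX` and `if ((osname && strlen(osname) > PCAPNG_STR_MAX) ||` in rte_pcapng_fdopen that are absent from the 25.11 context, so the bound upstream relies on may come from a commit that was not backported. Please confirm that the length arithmetic and the option copy, both outside this hunk, agree for strings longer than UINT16_MAX; otherwise the allocation could be smaller than what is copied into it. The same question applies to the `malloc(len)` calls in rte_pcapng_add_interface and rte_pcapng_write_stats.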
@@ -197,5 +196,7 @@ pcapng_section_block(rte_pcapng_t *self,
memcpy(opt, &hdr->block_length, sizeof(uint32_t));
- return write(self->outfd, buf, len);
+ ret = write(self->outfd, buf, len);
+ free(buf);
+ return ret < 0 ? -errno : 0;
}
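Review bot: `return ret < 0 ? -errno : 0;` reads errno after `free(buf)`, and not every C library guarantees that free() leaves errno untouched, so the value handed back to rte_pcapng_fdopen (and stored in rte_errno) may not be the write() error. Capture it first with `int err = ret < 0 ? -errno : 0;` before `free(buf);`, then `return err;`. The write-then-free order in rte_pcapng_add_interface and rte_pcapng_write_stats has the same effect on callers that inspect errno after a negative return.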
@@ -215,8 +216,9 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
const uint8_t tsresol = 9; /* nanosecond resolution */
uint32_t len;
- uint32_t buf[PCAPNG_BLKSIZ];
+ uint32_t *buf;
char ifname_buf[IF_NAMESIZE];
char ifhw[256];
uint64_t speed = 0;
+ int ret;
if (rte_eth_dev_info_get(port, &dev_info) < 0)
@@ -269,6 +271,7 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
len += sizeof(uint32_t);
- if (len > sizeof(buf))
- return -1;
+ buf = malloc(len);
+ if (buf == NULL)
+ return -1; /* ENOMEM */
hdr = (struct pcapng_interface_block *)buf;
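Review bot: `return -1; /* ENOMEM */` is inconsistent with the other two allocation-failure paths in this patch, which return `-ENOMEM`. If this function's contract is -1 with errno set (its header comment is not part of this patch), the comment would be clearer as `/* malloc() failed, errno is ENOMEM */`; otherwise return `-ENOMEM` and document it in rte_pcapng.h the way the header hunk in this patch does. The function body starts and ends outside this hunk.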
@@ -313,8 +316,12 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
memcpy(opt, &hdr->block_length, sizeof(uint32_t));
- /* remember the file index */
- self->port_index[port] = self->ports++;
+ ret = write(self->outfd, buf, len);
+ free(buf);
- return write(self->outfd, buf, len);
+ /* remember the file index only after successful write */
+ if (ret > 0)
+ self->port_index[port] = self->ports++;
+
+ return ret;
}
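Review bot: `if (ret > 0)` treats a short write as success, so a truncated interface block would still consume a file index and leave the capture with an index that refers to an incomplete block. Comparing against the full length is stricter: `if (ret == (ssize_t)len)`. `ret` is declared `int` in this function while write() returns ssize_t and the other two functions use `ssize_t ret`. The same short-write gap exists in pcapng_section_block, which returns 0 for any non-negative result, and in rte_pcapng_write_stats.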
@@ -333,5 +340,6 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
uint64_t sample_time;
uint32_t optlen, len;
- uint32_t buf[PCAPNG_BLKSIZ];
+ uint32_t *buf;
+ ssize_t ret;
RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -EINVAL);
@@ -353,6 +361,7 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
len = sizeof(*hdr) + optlen + sizeof(uint32_t);
- if (len > sizeof(buf))
- return -1;
+ buf = malloc(len);
+ if (buf == NULL)
+ return -ENOMEM;
hdr = (struct pcapng_statistics *)buf;
@@ -385,5 +394,7 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
memcpy(opt, &len, sizeof(uint32_t));
- return write(self->outfd, buf, len);
+ ret = write(self->outfd, buf, len);
+ free(buf);
+ return ret;
}
@@ -692,4 +703,5 @@ rte_pcapng_fdopen(int fd,
struct timespec ts;
uint64_t cycles;
+ int ret;
self = malloc(sizeof(*self));
@@ -711,6 +723,9 @@ rte_pcapng_fdopen(int fd,
self->port_index[i] = UINT32_MAX;
- if (pcapng_section_block(self, osname, hardware, appname, comment) < 0)
+ ret = pcapng_section_block(self, osname, hardware, appname, comment);
+ if (ret < 0) {
+ rte_errno = -ret;
goto fail;
+ }
return self;
diff --git a/lib/pcapng/rte_pcapng.h b/lib/pcapng/rte_pcapng.h
index 8d0974c3fd..fb58e752ef 100644
--- a/lib/pcapng/rte_pcapng.h
+++ b/lib/pcapng/rte_pcapng.h
@@ -199,4 +199,5 @@ rte_pcapng_write_packets(rte_pcapng_t *self,
* -1 on failure to write file (and errno is set)
* - (-EINVAL) if bad parameter.
+ * - (-ENOMEM) if unable to allocate resources.
*/
ssize_t
--
2.53.0
---
Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- - 2026-02-26 10:16:52.712858234 +0000
+++ 0146-pcapng-use-malloc-instead-of-fixed-buffer-size.patch 2026-02-26 10:16:47.214460387 +0000
@@ -1 +1 @@
-From edd9b971f7781390e050d4d2f54656ec8e98bbc1 Mon Sep 17 00:00:00 2001
+From 97863ba094ba5ff8fd45f399ccc8585e409fa376 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit edd9b971f7781390e050d4d2f54656ec8e98bbc1 ]
+
@@ -17 +18,0 @@
-Cc: stable at dpdk.org
@@ -21 +22 @@
- lib/pcapng/rte_pcapng.c | 50 ++++++++++++++++++++++++++---------------
+ lib/pcapng/rte_pcapng.c | 51 ++++++++++++++++++++++++++---------------
@@ -23 +24 @@
- 2 files changed, 33 insertions(+), 18 deletions(-)
+ 2 files changed, 34 insertions(+), 18 deletions(-)
@@ -26 +27 @@
-index 4488eb0aca..c99dbca09d 100644
+index 2cc9e2040d..69ff07a62e 100644
@@ -29,2 +30,2 @@
-@@ -38,7 +38,4 @@
- #define PCAPNG_STR_MAX UINT16_MAX
+@@ -35,7 +35,4 @@
+ #define PCAPNG_MBPS_SPEED 1000000ull
@@ -37 +38 @@
-@@ -149,6 +146,7 @@ pcapng_section_block(rte_pcapng_t *self,
+@@ -146,6 +143,7 @@ pcapng_section_block(rte_pcapng_t *self,
@@ -46 +47 @@
-@@ -166,6 +164,7 @@ pcapng_section_block(rte_pcapng_t *self,
+@@ -163,6 +161,7 @@ pcapng_section_block(rte_pcapng_t *self,
@@ -56 +57 @@
-@@ -200,5 +199,7 @@ pcapng_section_block(rte_pcapng_t *self,
+@@ -197,5 +196,7 @@ pcapng_section_block(rte_pcapng_t *self,
@@ -65 +66 @@
-@@ -218,5 +219,5 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
+@@ -215,8 +216,9 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
@@ -72 +73,5 @@
-@@ -280,6 +281,7 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
+ uint64_t speed = 0;
++ int ret;
+
+ if (rte_eth_dev_info_get(port, &dev_info) < 0)
+@@ -269,6 +271,7 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
@@ -76 +81 @@
-- return -1; /* EINVAL */
+- return -1;
@@ -82 +87 @@
-@@ -324,8 +326,12 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
+@@ -313,8 +316,12 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, uint16_t link_type,
@@ -98 +103 @@
-@@ -344,5 +350,6 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
+@@ -333,5 +340,6 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
@@ -106 +111 @@
-@@ -367,6 +374,7 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
+@@ -353,6 +361,7 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
@@ -116 +121 @@
-@@ -399,5 +407,7 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
+@@ -385,5 +394,7 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
@@ -125 +130 @@
-@@ -711,4 +721,5 @@ rte_pcapng_fdopen(int fd,
+@@ -692,4 +703,5 @@ rte_pcapng_fdopen(int fd,
@@ -130,2 +135,2 @@
- if ((osname && strlen(osname) > PCAPNG_STR_MAX) ||
-@@ -738,6 +749,9 @@ rte_pcapng_fdopen(int fd,
+ self = malloc(sizeof(*self));
+@@ -711,6 +723,9 @@ rte_pcapng_fdopen(int fd,
@@ -143 +148 @@
-index 68e13c67e4..d8d328f710 100644
+index 8d0974c3fd..fb58e752ef 100644
@@ -146 +151 @@
-@@ -200,4 +200,5 @@ rte_pcapng_write_packets(rte_pcapng_t *self,
+@@ -199,4 +199,5 @@ rte_pcapng_write_packets(rte_pcapng_t *self,