From patchwork Tue Sep 12 12:44:00 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yong Wang <wang.yong19@zte.com.cn>
X-Patchwork-Id: 28634
X-Patchwork-Delegate: ferruh.yigit@amd.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 0784C2C2A;
	Tue, 12 Sep 2017 14:57:41 +0200 (CEST)
Received: from mxhk.zte.com.cn (mxhk.zte.com.cn [63.217.80.70])
	by dpdk.org (Postfix) with ESMTP id 6131C1B53
	for <dev@dpdk.org>; Tue, 12 Sep 2017 14:57:38 +0200 (CEST)
Received: from mse01.zte.com.cn (unknown [10.30.3.20])
	by Forcepoint Email with ESMTPS id B72D7F1B10DAB0F40045;
	Tue, 12 Sep 2017 20:57:37 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239])
	by mse01.zte.com.cn with ESMTP id v8CCvN3S012731;
	Tue, 12 Sep 2017 20:57:23 +0800 (GMT-8)
	(envelope-from wang.yong19@zte.com.cn)
Received: from localhost.localdomain.localdomain ([10.43.166.165])
	by szsmtp06.zte.com.cn (Lotus Domino Release 8.5.3FP6)
	with ESMTP id 2017091220572772-2285038 ;
	Tue, 12 Sep 2017 20:57:27 +0800
From: Yong Wang <wang.yong19@zte.com.cn>
To: wenzhuo.lu@intel.com
Cc: dev@dpdk.org, Yong Wang <wang.yong19@zte.com.cn>
Date: Tue, 12 Sep 2017 08:44:00 -0400
Message-Id: <1505220240-30600-1-git-send-email-wang.yong19@zte.com.cn>
X-Mailer: git-send-email 1.8.3.1
X-MIMETrack: Itemize by SMTP Server on SZSMTP06/server/zte_ltd(Release
	8.5.3FP6|November 21, 2013) at 2017-09-12 20:57:27,
	Serialize by Router on notes_smtp/zte_ltd(Release 9.0.1FP7|August 17,
	2016) at
	2017-09-12 20:57:19, Serialize complete at 2017-09-12 20:57:19
X-MAIL: mse01.zte.com.cn v8CCvN3S012731
Subject: [dpdk-dev] [PATCH] net/e1000: fix memcpy length error
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
/ sizeof(char)" may reach 128 bytes which may cause array access out
of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".

Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
---
 drivers/net/e1000/igb_ethdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/e1000/igb_ethdev.c b/drivers/net/e1000/igb_ethdev.c
index e4f7a9f..8078a1e 100644
--- a/drivers/net/e1000/igb_ethdev.c
+++ b/drivers/net/e1000/igb_ethdev.c
@@ -4094,7 +4094,7 @@ static void igbvf_set_vfta_all(struct rte_eth_dev *dev, bool on)
 	flex_filter.filter_info.priority = filter->priority;
 	memcpy(flex_filter.filter_info.dwords, filter->bytes, filter->len);
 	memcpy(flex_filter.filter_info.mask, filter->mask,
-			RTE_ALIGN(filter->len, sizeof(char)) / sizeof(char));
+			RTE_ALIGN(filter->len, CHAR_BIT) / CHAR_BIT);
 
 	it = eth_igb_flex_filter_lookup(&filter_info->flex_list,
 				&flex_filter.filter_info);