diff mbox

[dpdk-dev] examples/performance-thread: fix out-of-bounds read

Message ID 1505895670-25808-1-git-send-email-slawomirx.mrozowicz@intel.com (mailing list archive)
State Accepted, archived
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Slawomir Mrozowicz Sept. 20, 2017, 8:21 a.m. UTC 
  Overrunning array per_lcore_this_sched->current_lthread->tls->data of
1024 8-byte elements at element index 1024 using index k.
Fixed by correct check k condition.

Coverity issue: 143463
Fixes: 116819b9ed0d ("examples/performance-thread: add lthread subsystem")
Cc: ian.betts@intel.com
Cc: stable@dpdk.org

Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
---
 examples/performance-thread/common/lthread_tls.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Michal Jastrzebski Oct. 11, 2017, 1:56 p.m. UTC | #1 
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Slawomir
> Mrozowicz
> Sent: Wednesday, September 20, 2017 10:21 AM
> To: Mcnamara, John <john.mcnamara@intel.com>
> Cc: dev@dpdk.org; Mrozowicz, SlawomirX
> <slawomirx.mrozowicz@intel.com>; ian.betts@intel.com; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] examples/performance-thread: fix out-of-
> bounds read
> 
> Overrunning array per_lcore_this_sched->current_lthread->tls->data of
> 1024 8-byte elements at element index 1024 using index k.
> Fixed by correct check k condition.
> 
> Coverity issue: 143463
> Fixes: 116819b9ed0d ("examples/performance-thread: add lthread
> subsystem")
> Cc: ian.betts@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---
>  examples/performance-thread/common/lthread_tls.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/examples/performance-thread/common/lthread_tls.c
> b/examples/performance-thread/common/lthread_tls.c
> index 47505f2d4..4ae3c6c03 100644
> --- a/examples/performance-thread/common/lthread_tls.c
> +++ b/examples/performance-thread/common/lthread_tls.c
> @@ -198,11 +198,12 @@ void _lthread_tls_destroy(struct lthread *lt)
>  void
>  *lthread_getspecific(unsigned int k)
>  {
> +	void *res = NULL;
> 
> -	if (k > LTHREAD_MAX_KEYS)
> -		return NULL;
> +	if (k < LTHREAD_MAX_KEYS)
> +		res = THIS_LTHREAD->tls->data[k];
> 
> -	return THIS_LTHREAD->tls->data[k];
> +	return res;
>  }
> 
>  /*
> --
> 2.11.0

Acked-by: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>
Thomas Monjalon Oct. 13, 2017, 11:23 p.m. UTC | #2 
> > Overrunning array per_lcore_this_sched->current_lthread->tls->data of
> > 1024 8-byte elements at element index 1024 using index k.
> > Fixed by correct check k condition.
> > 
> > Coverity issue: 143463
> > Fixes: 116819b9ed0d ("examples/performance-thread: add lthread
> > subsystem")
> > Cc: ian.betts@intel.com
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> 
> Acked-by: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>

Applied, thanks
diff mbox

Patch

diff --git a/examples/performance-thread/common/lthread_tls.c b/examples/performance-thread/common/lthread_tls.c
index 47505f2d4..4ae3c6c03 100644
--- a/examples/performance-thread/common/lthread_tls.c
+++ b/examples/performance-thread/common/lthread_tls.c
@@ -198,11 +198,12 @@  void _lthread_tls_destroy(struct lthread *lt)
 void
 *lthread_getspecific(unsigned int k)
 {
+	void *res = NULL;
 
-	if (k > LTHREAD_MAX_KEYS)
-		return NULL;
+	if (k < LTHREAD_MAX_KEYS)
+		res = THIS_LTHREAD->tls->data[k];
 
-	return THIS_LTHREAD->tls->data[k];
+	return res;
 }
 
 /*