[dpdk-dev] [PATCH 5/5] malloc: fix potential negative return
Tan, Jianfeng
jianfeng.tan at intel.com
Wed Apr 25 10:24:41 CEST 2018
On 4/17/2018 11:48 PM, Anatoly Burakov wrote:
> Return value from rte_socket_id_by_idx() may be negative, which would
> result in negative index access.
>
> Additionally, return value was of mismatched type (function returns
> signed int, socket id was unsigned).
>
> Coverity issue: 272571
> Coverity issue: 272597
>
> Fixes: 30bc6bf0d516 ("malloc: add function to dump heap contents")
> Cc: anatoly.burakov at intel.com
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
> ---
> lib/librte_eal/common/rte_malloc.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
> index b51a6d1..f207ba2 100644
> --- a/lib/librte_eal/common/rte_malloc.c
> +++ b/lib/librte_eal/common/rte_malloc.c
> @@ -169,7 +169,11 @@ rte_malloc_dump_heaps(FILE *f)
> unsigned int idx;
>
> for (idx = 0; idx < rte_socket_count(); idx++) {
> - unsigned int socket = rte_socket_id_by_idx(idx);
> + int socket = rte_socket_id_by_idx(idx);
> + if (socket < 0) {
> + RTE_LOG(ERR, EAL, "Invalid socket index: %u\n", idx);
> + continue;
> + }
For such check (and many others), we are clear that idx is guaranteed by
rte_socket_count(), so rte_socket_id_by_idx() can never return -1. So
why not just reporting this as false-positive?
Thanks,
Jianfeng
> fprintf(f, "Heap on socket %i:\n", socket);
> malloc_heap_dump(&mcfg->malloc_heaps[socket], f);
> }
More information about the dev
mailing list