[dpdk-dev v4 2/2] net/tap: fix buffer overflow for ptypes list through driver API update

[Andrew Rybchenko]

On 1/4/24 20:51, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run. Previously, the last element in the ptypes lists to be
> "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes(), but this was
> not clearly documented and many PMDs did not follow this implementation.
> Instead, the dev_supported_ptypes_get() function pointer now returns the
> number of elements to eliminate the need for "RTE_PTYPE_UNKNOWN"
> as the last item.
> 
> Fixes: 47909357a069 ("ethdev: make device operations struct private")
> Cc: ferruh.yigit at intel.com
> Cc: stable at dpdk.org
> 
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan at intel.com>

[snip]

> @@ -3956,7 +3958,7 @@ rte_eth_dev_set_ptypes(uint16_t port_id, uint32_t ptype_mask,
>   	 * set_ptypes array is insufficient fill it partially.
>   	 */
>   	for (i = 0, j = 0; set_ptypes != NULL &&
> -				(all_ptypes[i] != RTE_PTYPE_UNKNOWN); ++i) {
> +				(all_ptypes[i] < no_of_elements); ++i) {

condition here looks wrong, it should be i < no_of_elements

>   		if (ptype_mask & all_ptypes[i]) {
>   			if (j < num - 1) {
>   				set_ptypes[j] = all_ptypes[i];