[PATCH] ring: fix overflow in memory size calcuation

Zhihong Wang wangzhihong.wzh at bytedance.com
Tue Dec 14 04:30:16 CET 2021

Previous message (by thread): [PATCH 1/2] maintainers: fix stable maintainers list
Next message (by thread): [PATCH] ring: fix overflow in memory size calcuation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Parameters count and esize are both unsigned int, and their product can
legally exceed unsigned int and lead to runtime access violation.

Fixes: cc4b218790f6 ("ring: support configurable element size")
Cc: stable at dpdk.org

Signed-off-by: Zhihong Wang <wangzhihong.wzh at bytedance.com>
---
 lib/ring/rte_ring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
index f17bd966be..d1b80597af 100644
--- a/lib/ring/rte_ring.c
+++ b/lib/ring/rte_ring.c
@@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
 		return -EINVAL;
 	}
 
-	sz = sizeof(struct rte_ring) + count * esize;
+	sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
 	sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
 	return sz;
 }
-- 
2.11.0

Previous message (by thread): [PATCH 1/2] maintainers: fix stable maintainers list
Next message (by thread): [PATCH] ring: fix overflow in memory size calcuation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list