[PATCH] ring: fix overflow in memory size calcuation
Ananyev, Konstantin
konstantin.ananyev at intel.com
Wed Dec 15 14:18:55 CET 2021
> Parameters count and esize are both unsigned int, and their product can
> legally exceed unsigned int and lead to runtime access violation.
>
> Fixes: cc4b218790f6 ("ring: support configurable element size")
> Cc: stable at dpdk.org
>
> Signed-off-by: Zhihong Wang <wangzhihong.wzh at bytedance.com>
> ---
> lib/ring/rte_ring.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
> index f17bd966be..d1b80597af 100644
> --- a/lib/ring/rte_ring.c
> +++ b/lib/ring/rte_ring.c
> @@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
> return -EINVAL;
> }
>
> - sz = sizeof(struct rte_ring) + count * esize;
> + sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
> sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
> return sz;
> }
> --
Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> 2.11.0
More information about the stable
mailing list