[dpdk-stable] [dpdk-dev] [PATCH] bitmap: fix buffer overrun in bitmap init function

Andrew Rybchenko andrew.rybchenko at oktetlabs.ru
Wed Jun 2 11:47:19 CEST 2021


On 6/2/21 12:06 PM, Andrew Rybchenko wrote:
> From: Ivan Ilchenko <ivan.ilchenko at oktetlabs.ru>
> 
> Bitmap initialization function is allowed to memset
> caller-provided buffer with number of bytes exceeding
> this buffer size. This happens due to wrong comparison
> sign between buffer size and number of bytes required
> to initialize bitmap.
> 
> Fixes: 602c9ca33a4 ("sched: bitmap is now dynamically allocated")
> Cc: stable at dpdk.org
> 
> Reported-by: Andy Moreton <amoreton at xilinx.com>
> Signed-off-by: Ivan Ilchenko <ivan.ilchenko at oktetlabs.ru>
> Signed-off-by: Andrew Rybchenko <andrew.rybchenko at oktetlabs.ru>
> Reviewed-by: Andy Moreton <amoreton at xilinx.com>
> ---
>  lib/eal/include/rte_bitmap.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/eal/include/rte_bitmap.h b/lib/eal/include/rte_bitmap.h
> index 9e2b8f2cbf..870aecc594 100644
> --- a/lib/eal/include/rte_bitmap.h
> +++ b/lib/eal/include/rte_bitmap.h
> @@ -185,7 +185,7 @@ rte_bitmap_init(uint32_t n_bits, uint8_t *mem, uint32_t mem_size)
>  	size = __rte_bitmap_get_memory_footprint(n_bits,
>  		&array1_byte_offset, &array1_slabs,
>  		&array2_byte_offset, &array2_slabs);
> -	if (size < mem_size) {
> +	if (size > mem_size) {
>  		return NULL;
>  	}
>  
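
Review bot: the corrected bounds check at `if (size > mem_size)` comes with no test, since the diffstat shows only rte_bitmap.h changing, so nothing stops the comparison from being inverted again. Consider adding a unit test that calls rte_bitmap_init() with mem_size one byte below the value computed by __rte_bitmap_get_memory_footprint() and expects NULL, and with mem_size exactly equal to it and expects a non-NULL bitmap, which pins both sides of the boundary. As a style point, the braces around the single `return NULL;` can be dropped.
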
> 

Self-NACK, will fix spelling in v2 and remove curly brackets.
Strictly speaking it is out of scope of the patch, but nice
cleanup on the way.



