[PATCH] common/cnxk: validate length argument

[Jerin Jacob]

On Mon, Feb 7, 2022 at 11:43 AM Ankur Dwivedi <adwivedi at marvell.com> wrote:
>
> The x->len is passed as argument to npc_prep_mcam_ldata(). In the
> function the len is used to reference elements of int_info and
> int_info_mask array. The arrays are of length NPC_MAX_EXTRACT_DATA_LEN.
>
> Validating the x->len value so that it is not greater than
> NPC_MAX_EXTRACT_DATA_LEN.
>
> This patch also resolves warning observed with gcc 12 compiler.
>
> log:
>    ../drivers/common/cnxk/roc_npc_utils.c:13:26: warning: writing 16 bytes
>    into a region of size 0 [-Wstringop-overflow=]
>    ptr[idx] = data[len - 1 - idx];
>
>    ../drivers/common/cnxk/roc_npc_utils.c:163:17: note: at offset 64 into
>    destination object ‘int_info’ of size 64
>    uint8_t int_info[NPC_MAX_EXTRACT_DATA_LEN];
>
> Bugzilla ID: 854
> Fixes: 665b6a7400bf ("common/cnxk: add NPC helper API")
> Cc: stable at dpdk.org
>
> Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> Reviewed-by: Kiran Kumar Kokkilagadda <kirankumark at marvell.com>

Changed the subject as
common/cnxk: fix NPC key extraction validation

Applied to dpdk-next-net-mrvl/for-next-net. Thanks


> ---
>  drivers/common/cnxk/roc_npc_utils.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/drivers/common/cnxk/roc_npc_utils.c b/drivers/common/cnxk/roc_npc_utils.c
> index ed0ef5c462..007c454c3c 100644
> --- a/drivers/common/cnxk/roc_npc_utils.c
> +++ b/drivers/common/cnxk/roc_npc_utils.c
> @@ -166,6 +166,9 @@ npc_update_extraction_data(struct npc_parse_state *pst,
>         int len = 0;
>
>         x = xinfo;
> +       if (x->len > NPC_MAX_EXTRACT_DATA_LEN)
> +               return NPC_ERR_INVALID_SIZE;
> +
>         len = x->len;
>         hdr_off = x->hdr_off;
>
> --
> 2.28.0
>