[PATCH v2] net/bonding: fix illegal memory accesses

Chaoyong He chaoyong.he at corigine.com
Wed Nov 1 03:19:59 CET 2023

Previous message (by thread): [PATCH v4] net/iavf: fix mbuf release API selection
Next message (by thread): [PATCH v2] net/bonding: fix illegal memory accesses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Long Wu <long.wu at corigine.com>

CI found that overrunning array of 32 2-byte elements at
element index 65535 (byte offset 131071) by dereferencing
pointer "members + agg_new_idx".

Coverity issue: 403099
Fixes: 6d72657 ("net/bonding: add other aggregator modes")
Cc: danielx.t.mrzyglod at intel.com
Cc: stable at dpdk.org

Signed-off-by: Long Wu <long.wu at corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he at corigine.com>
Reviewed-by: Peng Zhang <peng.zhang at corigine.com>

---
v2:
* Modify the logic of 'max_index()'.
---
 drivers/net/bonding/rte_eth_bond_8023ad.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/net/bonding/rte_eth_bond_8023ad.c b/drivers/net/bonding/rte_eth_bond_8023ad.c
index 677067870f..79f1b3f1a0 100644
--- a/drivers/net/bonding/rte_eth_bond_8023ad.c
+++ b/drivers/net/bonding/rte_eth_bond_8023ad.c
@@ -654,12 +654,9 @@ tx_machine(struct bond_dev_private *internals, uint16_t member_id)
 }
 
 static uint16_t
-max_index(uint64_t *a, int n)
+max_index(uint64_t *a, uint16_t n)
 {
-	if (n <= 0)
-		return -1;
-
-	int i, max_i = 0;
+	uint16_t i, max_i = 0;
 	uint64_t max = a[0];
 
 	for (i = 1; i < n; ++i) {
-- 
2.39.1

Previous message (by thread): [PATCH v4] net/iavf: fix mbuf release API selection
Next message (by thread): [PATCH v2] net/bonding: fix illegal memory accesses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list