[PATCH v2] net/bonding: fix illegal memory accesses
Chaoyong He
chaoyong.he at corigine.com
Wed Nov 1 03:19:59 CET 2023
From: Long Wu <long.wu at corigine.com>
CI found that overrunning array of 32 2-byte elements at
element index 65535 (byte offset 131071) by dereferencing
pointer "members + agg_new_idx".
Coverity issue: 403099
Fixes: 6d72657 ("net/bonding: add other aggregator modes")
Cc: danielx.t.mrzyglod at intel.com
Cc: stable at dpdk.org
Signed-off-by: Long Wu <long.wu at corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he at corigine.com>
Reviewed-by: Peng Zhang <peng.zhang at corigine.com>
---
v2:
* Modify the logic of 'max_index()'.
---
drivers/net/bonding/rte_eth_bond_8023ad.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/drivers/net/bonding/rte_eth_bond_8023ad.c b/drivers/net/bonding/rte_eth_bond_8023ad.c
index 677067870f..79f1b3f1a0 100644
--- a/drivers/net/bonding/rte_eth_bond_8023ad.c
+++ b/drivers/net/bonding/rte_eth_bond_8023ad.c
@@ -654,12 +654,9 @@ tx_machine(struct bond_dev_private *internals, uint16_t member_id)
}
static uint16_t
-max_index(uint64_t *a, int n)
+max_index(uint64_t *a, uint16_t n)
{
- if (n <= 0)
- return -1;
-
- int i, max_i = 0;
+ uint16_t i, max_i = 0;
uint64_t max = a[0];
for (i = 1; i < n; ++i) {
--
2.39.1
More information about the stable
mailing list