[dpdk-dev v4 2/2] net/tap: fix buffer overflow for ptypes list through driver API update
Andrew Rybchenko
andrew.rybchenko at oktetlabs.ru
Thu Jan 11 17:29:51 CET 2024
On 1/4/24 20:51, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run. Previously, the last element in the ptypes lists to be
> "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes(), but this was
> not clearly documented and many PMDs did not follow this implementation.
> Instead, the dev_supported_ptypes_get() function pointer now returns the
> number of elements to eliminate the need for "RTE_PTYPE_UNKNOWN"
> as the last item.
>
> Fixes: 47909357a069 ("ethdev: make device operations struct private")
> Cc: ferruh.yigit at intel.com
> Cc: stable at dpdk.org
>
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan at intel.com>
[snip]
> @@ -3956,7 +3958,7 @@ rte_eth_dev_set_ptypes(uint16_t port_id, uint32_t ptype_mask,
> * set_ptypes array is insufficient fill it partially.
> */
> for (i = 0, j = 0; set_ptypes != NULL &&
> - (all_ptypes[i] != RTE_PTYPE_UNKNOWN); ++i) {
> + (all_ptypes[i] < no_of_elements); ++i) {
condition here looks wrong, it should be i < no_of_elements
> if (ptype_mask & all_ptypes[i]) {
> if (j < num - 1) {
> set_ptypes[j] = all_ptypes[i];
More information about the stable
mailing list