From patchwork Mon Aug 27 12:53:31 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
X-Patchwork-Id: 43912
X-Patchwork-Delegate: ferruh.yigit@amd.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id E338B5F0F;
	Mon, 27 Aug 2018 14:53:52 +0200 (CEST)
Received: from stargate.chelsio.com (stargate.chelsio.com [12.32.117.8])
	by dpdk.org (Postfix) with ESMTP id 29EBC2C14;
	Mon, 27 Aug 2018 14:53:51 +0200 (CEST)
Received: from localhost (scalar.blr.asicdesigners.com [10.193.185.94])
	by stargate.chelsio.com (8.13.8/8.13.8) with ESMTP id w7RCrksQ027079;
	Mon, 27 Aug 2018 05:53:47 -0700
From: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
To: dev@dpdk.org
Cc: shaguna@chelsio.com, indranil@chelsio.com, nirranjan@chelsio.com,
	stable@dpdk.org
Date: Mon, 27 Aug 2018 18:23:31 +0530
Message-Id: <1535374411-6363-1-git-send-email-rahul.lakkireddy@chelsio.com>
X-Mailer: git-send-email 2.5.3
Subject: [dpdk-dev] [PATCH] net/cxgbe: fix illegal memory access when
	parsing flow match items
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Shagun Agrawal <shaguna@chelsio.com>

Coverity issue: 293096
Fixes: ee61f511 ("net/cxgbe: parse and validate flows")
Cc: stable@dpdk.org

Signed-off-by: Shagun Agrawal <shaguna@chelsio.com>
Signed-off-by: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
---
 drivers/net/cxgbe/cxgbe_flow.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/cxgbe/cxgbe_flow.c b/drivers/net/cxgbe/cxgbe_flow.c
index add4f0f95..bee3bd640 100644
--- a/drivers/net/cxgbe/cxgbe_flow.c
+++ b/drivers/net/cxgbe/cxgbe_flow.c
@@ -529,10 +529,10 @@ cxgbe_rtef_parse_items(struct rte_flow *flow,
 	char repeat[ARRAY_SIZE(parseitem)] = {0};
 
 	for (i = items; i->type != RTE_FLOW_ITEM_TYPE_END; i++) {
-		struct chrte_fparse *idx = &flow->item_parser[i->type];
+		struct chrte_fparse *idx;
 		int ret;
 
-		if (i->type > ARRAY_SIZE(parseitem))
+		if (i->type >= ARRAY_SIZE(parseitem))
 			return rte_flow_error_set(e, ENOTSUP,
 						  RTE_FLOW_ERROR_TYPE_ITEM,
 						  i, "Item not supported");
@@ -553,6 +553,7 @@ cxgbe_rtef_parse_items(struct rte_flow *flow,
 			if (ret)
 				return ret;
 
+			idx = &flow->item_parser[i->type];
 			if (!idx || !idx->fptr) {
 				return rte_flow_error_set(e, ENOTSUP,
 						RTE_FLOW_ERROR_TYPE_ITEM, i,