[dpdk-dev] net/e1000: fix memcpy length error
Checks
Commit Message
The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
/ sizeof(char)" may reach 128 bytes which may cause array access out
of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".
Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
---
drivers/net/e1000/igb_ethdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 9/12/2017 1:44 PM, Yong Wang wrote:
> The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
> bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
> / sizeof(char)" may reach 128 bytes which may cause array access out
> of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".
>
> Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
On 9/19/2017 10:16 AM, Ferruh Yigit wrote:
> On 9/12/2017 1:44 PM, Yong Wang wrote:
>> The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
>> bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
>> / sizeof(char)" may reach 128 bytes which may cause array access out
>> of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".
>>
>> Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
>
> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Applied to dpdk-next-net/master, thanks.
@@ -4094,7 +4094,7 @@ static void igbvf_set_vfta_all(struct rte_eth_dev *dev, bool on)
flex_filter.filter_info.priority = filter->priority;
memcpy(flex_filter.filter_info.dwords, filter->bytes, filter->len);
memcpy(flex_filter.filter_info.mask, filter->mask,
- RTE_ALIGN(filter->len, sizeof(char)) / sizeof(char));
+ RTE_ALIGN(filter->len, CHAR_BIT) / CHAR_BIT);
it = eth_igb_flex_filter_lookup(&filter_info->flex_list,
&flex_filter.filter_info);