net/ice: fix illegal pointer access in dev init
Checks
Commit Message
mac_addrs in dev data should be allocated more memory space,
Otherwise, traversing mac_addrs in function eth_dev_mac_restore()
will result heap-buffer-overflow.
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
drivers/net/ice/ice_ethdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
> -----Original Message-----
> From: Ma, WenwuX <wenwux.ma@intel.com>
> Sent: Thursday, April 1, 2021 11:21 PM
> To: Yang, Qiming <qiming.yang@intel.com>; Zhang, Qi Z
> <qi.z.zhang@intel.com>
> Cc: dev@dpdk.org
> Subject: [PATCH] net/ice: fix illegal pointer access in dev init
>
> mac_addrs in dev data should be allocated more memory space, Otherwise,
> traversing mac_addrs in function eth_dev_mac_restore() will result
> heap-buffer-overflow.
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> ---
The patch is duplicated with
http://patchwork.dpdk.org/project/dpdk/patch/20210317060219.2162370-1-qi.z.zhang@intel.com/
which already be applied.
@@ -808,8 +808,8 @@ ice_init_mac_address(struct rte_eth_dev *dev)
(struct rte_ether_addr *)hw->port_info[0].mac.lan_addr,
(struct rte_ether_addr *)hw->port_info[0].mac.perm_addr);
- dev->data->mac_addrs =
- rte_zmalloc(NULL, sizeof(struct rte_ether_addr), 0);
+ dev->data->mac_addrs = rte_zmalloc(NULL,
+ RTE_ETHER_ADDR_LEN * ICE_NUM_MACADDR_MAX, 0);
if (!dev->data->mac_addrs) {
PMD_INIT_LOG(ERR,
"Failed to allocate memory to store mac address");