diff mbox

[dpdk-dev,v2,1/2] mem: check if allocation size is too big

Message ID fb6d9b6f3bbead5f9ab3e9906814d35431b9edf5.1525086045.git.anatoly.burakov@intel.com (mailing list archive)
State Accepted, archived
Delegated to: Thomas Monjalon
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Anatoly Burakov April 30, 2018, 11:21 a.m. UTC 
  Mapping size is a 64-bit integer, but mmap() will accept size_t for
size mappings. A user could request a mapping with an alignment, which
would have overflown size_t, so check if (size + alignment) will
overflow size_t.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 lib/librte_eal/common/eal_common_memory.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Bruce Richardson April 30, 2018, 12:49 p.m. UTC | #1 
On Mon, Apr 30, 2018 at 12:21:42PM +0100, Anatoly Burakov wrote:
> Mapping size is a 64-bit integer, but mmap() will accept size_t for
> size mappings. A user could request a mapping with an alignment, which
> would have overflown size_t, so check if (size + alignment) will
> overflow size_t.
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
diff mbox

Patch

diff --git a/lib/librte_eal/common/eal_common_memory.c b/lib/librte_eal/common/eal_common_memory.c
index 4c943b0..0ac7b33 100644
--- a/lib/librte_eal/common/eal_common_memory.c
+++ b/lib/librte_eal/common/eal_common_memory.c
@@ -75,8 +75,13 @@  eal_get_virtual_area(void *requested_addr, size_t *size,
 
 	do {
 		map_sz = no_align ? *size : *size + page_sz;
+		if (map_sz > SIZE_MAX) {
+			RTE_LOG(ERR, EAL, "Map size too big\n");
+			rte_errno = E2BIG;
+			return NULL;
+		}
 
-		mapped_addr = mmap(requested_addr, map_sz, PROT_READ,
+		mapped_addr = mmap(requested_addr, (size_t)map_sz, PROT_READ,
 				mmap_flags, -1, 0);
 		if (mapped_addr == MAP_FAILED && allow_shrink)
 			*size -= page_sz;