[dpdk-dev,v2,1/2] mem: check if allocation size is too big
Checks
Commit Message
Mapping size is a 64-bit integer, but mmap() will accept size_t for
size mappings. A user could request a mapping with an alignment, which
would have overflown size_t, so check if (size + alignment) will
overflow size_t.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
lib/librte_eal/common/eal_common_memory.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
Comments
On Mon, Apr 30, 2018 at 12:21:42PM +0100, Anatoly Burakov wrote:
> Mapping size is a 64-bit integer, but mmap() will accept size_t for
> size mappings. A user could request a mapping with an alignment, which
> would have overflown size_t, so check if (size + alignment) will
> overflow size_t.
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
@@ -75,8 +75,13 @@ eal_get_virtual_area(void *requested_addr, size_t *size,
do {
map_sz = no_align ? *size : *size + page_sz;
+ if (map_sz > SIZE_MAX) {
+ RTE_LOG(ERR, EAL, "Map size too big\n");
+ rte_errno = E2BIG;
+ return NULL;
+ }
- mapped_addr = mmap(requested_addr, map_sz, PROT_READ,
+ mapped_addr = mmap(requested_addr, (size_t)map_sz, PROT_READ,
mmap_flags, -1, 0);
if (mapped_addr == MAP_FAILED && allow_shrink)
*size -= page_sz;