From patchwork Wed Mar 22 09:24:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jingjing Wu X-Patchwork-Id: 22065 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id ABBA5CF62; Wed, 22 Mar 2017 10:27:59 +0100 (CET) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id E016737B4; Wed, 22 Mar 2017 10:27:41 +0100 (CET) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga105.fm.intel.com with ESMTP; 22 Mar 2017 02:27:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.36,204,1486454400"; d="scan'208";a="69639825" Received: from dpdk2.sh.intel.com ([10.239.128.246]) by orsmga004.jf.intel.com with ESMTP; 22 Mar 2017 02:27:40 -0700 From: Jingjing Wu To: dev@dpdk.org Cc: jingjing.wu@intel.com, helin.zhang@intel.com, beilei.xing@intel.com, stable@dpdk.org Date: Wed, 22 Mar 2017 17:24:55 +0800 Message-Id: <1490174699-147026-4-git-send-email-jingjing.wu@intel.com> X-Mailer: git-send-email 2.4.11 In-Reply-To: <1490174699-147026-1-git-send-email-jingjing.wu@intel.com> References: <1490174699-147026-1-git-send-email-jingjing.wu@intel.com> Subject: [dpdk-dev] [PATCH 3/7] net/i40e/base: fix potential out of bound array access X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This is fix for klocwork issue where dcbcfg->numapps could be greater than size of array (i.e dcbcfg->app[I40E_DCBX_MAX_APPS]). The fix makes sure the array is not accessed past size of array (i.e. I40E_DCBX_MAX_APPS). Fixes: 166dceeeeafc ("i40e/base: add parsing for CEE DCBX TLVs") Cc: stable@dpdk.org Signed-off-by: Jingjing Wu --- drivers/net/i40e/base/i40e_dcb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/i40e/base/i40e_dcb.c b/drivers/net/i40e/base/i40e_dcb.c index 26c344f..9b5405d 100644 --- a/drivers/net/i40e/base/i40e_dcb.c +++ b/drivers/net/i40e/base/i40e_dcb.c @@ -396,6 +396,8 @@ static void i40e_parse_cee_app_tlv(struct i40e_cee_feat_tlv *tlv, dcbcfg->numapps = length / sizeof(*app); if (!dcbcfg->numapps) return; + if (dcbcfg->numapps > I40E_DCBX_MAX_APPS) + dcbcfg->numapps = I40E_DCBX_MAX_APPS; for (i = 0; i < dcbcfg->numapps; i++) { u8 up, selector;