[dpdk-dev,v2,2/3] malloc: fix potential out-of-bounds array access
Checks
Commit Message
Technically, while the pointer would've been invalid if msl_idx
were invalid, we wouldn't have actually attempted to access the
pointer until verifying the index. Fix it by moving array access
to after we've verified validity of the index.
Coverity issue: 272574
Fixes: 66cc45e293ed ("mem: replace memseg with memseg lists")
Cc: anatoly.burakov@intel.com
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
lib/librte_eal/common/malloc_heap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Anatoly Burakov
> Sent: Wednesday, April 25, 2018 11:16 AM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; Burakov, Anatoly <anatoly.burakov@intel.com>
> Subject: [dpdk-dev] [PATCH v2 2/3] malloc: fix potential out-of-bounds array
> access
>
> Technically, while the pointer would've been invalid if msl_idx
> were invalid, we wouldn't have actually attempted to access the
> pointer until verifying the index. Fix it by moving array access
> to after we've verified validity of the index.
>
> Coverity issue: 272574
>
> Fixes: 66cc45e293ed ("mem: replace memseg with memseg lists")
> Cc: anatoly.burakov@intel.com
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
@@ -99,11 +99,12 @@ malloc_add_seg(const struct rte_memseg_list *msl,
/* msl is const, so find it */
msl_idx = msl - mcfg->memsegs;
- found_msl = &mcfg->memsegs[msl_idx];
if (msl_idx < 0 || msl_idx >= RTE_MAX_MEMSEG_LISTS)
return -1;
+ found_msl = &mcfg->memsegs[msl_idx];
+
malloc_heap_add_memory(heap, found_msl, ms->addr, len);
RTE_LOG(DEBUG, EAL, "Added %zuM to heap on socket %i\n", len >> 20,