diff mbox series

[v2,2/2] raw/ifpga: use trusted buffer to free

Message ID 1604017294-23479-3-git-send-email-wei.huang@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Qi Zhang
Headers
Series raw/ifpga: fix coverity defects |

Checks

Context Check Description
ci/checkpatch warning coding style issues
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-testing fail Testing issues
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/travis-robot success Travis build: passed
ci/iol-mellanox-Performance success Performance Testing PASS

Commit Message

Wei Huang Oct. 30, 2020, 12:21 a.m. UTC 
  In rte_fpga_do_pr, calling function read() may taints argument buffer
which turn to an untrusted value as argumen of rte_free().

Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")

Signed-off-by: Wei Huang <wei.huang@intel.com>
---
v2: add fixes information to log
---
 drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Zhang, Tianfei Oct. 30, 2020, 6:56 a.m. UTC | #1 
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Wei Huang
> Sent: 2020年10月30日 8:22
> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
> <qi.z.zhang@intel.com>
> Cc: Huang, Wei <wei.huang@intel.com>
> Subject: [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free
> 
> In rte_fpga_do_pr, calling function read() may taints argument buffer which
> turn to an untrusted value as argumen of rte_free().
> 
> Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")

It is better add Coverity issue number , like "Coverity issue: xxxx ".
Missing “Cc: stable@dpdk.org”.
> 
> Signed-off-by: Wei Huang <wei.huang@intel.com>
> ---
> v2: add fixes information to log
> ---
>  drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/raw/ifpga/ifpga_rawdev.c
> b/drivers/raw/ifpga/ifpga_rawdev.c
> index f9de167..27129b1 100644
> --- a/drivers/raw/ifpga/ifpga_rawdev.c
> +++ b/drivers/raw/ifpga/ifpga_rawdev.c
> @@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
>  	int file_fd;
>  	int ret = 0;
>  	ssize_t buffer_size;
> -	void *buffer;
> +	void *buffer, *buf_to_free;
>  	u64 pr_error;
> 
>  	if (!file_name)
> @@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
>  		ret = -ENOMEM;
>  		goto close_fd;
>  	}
> +	buf_to_free = buffer;
> 
>  	/*read the raw data*/
>  	if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) { @@ -835,8
> +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
>  	}
> 
>  free_buffer:
> -	if (buffer)
> -		rte_free(buffer);
> +	if (buf_to_free)
> +		rte_free(buf_to_free);
>  close_fd:
>  	close(file_fd);
>  	file_fd = 0;
> --
> 2.7.3
diff mbox series

Patch

diff --git a/drivers/raw/ifpga/ifpga_rawdev.c b/drivers/raw/ifpga/ifpga_rawdev.c
index f9de167..27129b1 100644
--- a/drivers/raw/ifpga/ifpga_rawdev.c
+++ b/drivers/raw/ifpga/ifpga_rawdev.c
@@ -786,7 +786,7 @@  rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 	int file_fd;
 	int ret = 0;
 	ssize_t buffer_size;
-	void *buffer;
+	void *buffer, *buf_to_free;
 	u64 pr_error;
 
 	if (!file_name)
@@ -818,6 +818,7 @@  rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 		ret = -ENOMEM;
 		goto close_fd;
 	}
+	buf_to_free = buffer;
 
 	/*read the raw data*/
 	if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) {
@@ -835,8 +836,8 @@  rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 	}
 
 free_buffer:
-	if (buffer)
-		rte_free(buffer);
+	if (buf_to_free)
+		rte_free(buf_to_free);
 close_fd:
 	close(file_fd);
 	file_fd = 0;