diff mbox series

mbuf: Fix illegal pointer access to mempool members

Message ID 20210331190255.3995-1-wenwux.ma@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Thomas Monjalon
Headers show
Series mbuf: Fix illegal pointer access to mempool members | expand

Checks

Context Check Description
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/github-robot success github build: passed
ci/travis-robot success travis build: passed
ci/checkpatch success coding style OK

Commit Message

Wenwu Ma March 31, 2021, 7:02 p.m. UTC
Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause heap-buffer-overflow.

Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
 lib/librte_mbuf/rte_mbuf.h | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@  rte_pktmbuf_data_room_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_data_room_size;
 }
@@ -832,6 +835,9 @@  rte_pktmbuf_priv_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_priv_size;
 }