diff mbox series

[v3,1/2] test/mempool: fix heap buffer overflow

Message ID	20210427135646.871-1-olivier.matz@6wind.com (mailing list archive)
State	Accepted, archived
Delegated to:	Thomas Monjalon
Headers	From: Olivier Matz <olivier.matz@6wind.com> To: dev@dpdk.org Cc: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>, Pallantla Poornima <pallantlax.poornima@intel.com>, Wenwu Ma <wenwux.ma@intel.com>, Peng Zhihong <zhihongx.peng@intel.com>, Aaron Conole <aconole@redhat.com>, Thomas Monjalon <thomas@monjalon.net>, stable@dpdk.org Date: Tue, 27 Apr 2021 15:56:45 +0200 Message-Id: <20210427135646.871-1-olivier.matz@6wind.com> In-Reply-To: <20210413200513.330399-1-wenwux.ma@intel.com> References: <20210413200513.330399-1-wenwux.ma@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v3 1/2] test/mempool: fix heap buffer overflow Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	[v3,1/2] test/mempool: fix heap buffer overflow \| [v3,1/2] test/mempool: fix heap buffer overflow

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-testing	success	Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS

Commit Message

Olivier Matz April 27, 2021, 1:56 p.m. UTC

  The function rte_pktmbuf_init() expects that the mempool private area is
large enough and was previously initialized by rte_pktmbuf_pool_init(),
which is not the case.

This causes the function rte_pktmbuf_priv_size() to return an
unpredictable value, and this value is used as a size in a memset.

Replace the mempool object initializer by my_obj_init(), which does not
have this constraint, and fits the needs for this test.

Fixes: 923ceaeac140 ("test/mempool: add unit test cases")
Cc: stable@dpdk.org

Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
 app/test/test_mempool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Thomas Monjalon May 4, 2021, 6:07 p.m. UTC | #1

27/04/2021 15:56, Olivier Matz:
> The function rte_pktmbuf_init() expects that the mempool private area is
> large enough and was previously initialized by rte_pktmbuf_pool_init(),
> which is not the case.
> 
> This causes the function rte_pktmbuf_priv_size() to return an
> unpredictable value, and this value is used as a size in a memset.
> 
> Replace the mempool object initializer by my_obj_init(), which does not
> have this constraint, and fits the needs for this test.
> 
> Fixes: 923ceaeac140 ("test/mempool: add unit test cases")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>

Replaced with Reported-by and added Olivier's signature
to match patch authorship.

Series applied, thanks.

diff mbox series

Patch

diff --git a/app/test/test_mempool.c b/app/test/test_mempool.c
index 084842fdaa..3adadd6731 100644
--- a/app/test/test_mempool.c
+++ b/app/test/test_mempool.c
@@ -552,7 +552,7 @@  test_mempool(void)
 		GOTO_ERR(ret, err);
 
 	/* test to initialize mempool objects and memory */
-	nb_objs = rte_mempool_obj_iter(mp_stack_mempool_iter, rte_pktmbuf_init,
+	nb_objs = rte_mempool_obj_iter(mp_stack_mempool_iter, my_obj_init,
 			NULL);
 	if (nb_objs == 0)
 		GOTO_ERR(ret, err);