Hi, zhang qi
This fix patch to DPDK.or is also useful for igb flex byte core dump issue.
I have validation it. But there is some patch check warning.
https://dpdk.org/dev/patchwork/patch/39417/
> -----Original Message-----
> From: Zhang, Qi Z
> Sent: Monday, May 7, 2018 5:51 PM
> To: adrien.mazarg...@6wind.com
> Cc: Peng, Yuan <yuan.p...@intel.com>; Zhao1, Wei <wei.zh...@intel.com>;
> dev@dpdk.org; Zhang, Qi Z <qi.z.zh...@intel.com>
> Subject: [PATCH] app/testpmd: fix invalid memory access
>
> When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask
> mask->length is not the real size of binary pattern, it should take
> spec->length, or memory size will be over counted (0xffff) and invalid
> memory be access during following memcpy.
>
> Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration")
>
> Signed-off-by: Qi Zhang <qi.z.zh...@intel.com>
> ---
> app/test-pmd/config.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c index
> 16fc481ce..bcaf429c4 100644
> --- a/app/test-pmd/config.c
> +++ b/app/test-pmd/config.c
> @@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct
> rte_flow_item *item,
> dst.raw = buf;
> off = RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw),
> sizeof(*src.raw->pattern));
> - size = off + src.raw->length * sizeof(*src.raw->pattern);
> + size = off + ((const struct rte_flow_item_raw *)item->spec)->
> + length * sizeof(*src.raw->pattern);
> if (dst.raw) {
> memcpy(dst.raw, src.raw, sizeof(*src.raw));
> dst.raw->pattern = memcpy((uint8_t *)dst.raw + off,
> --
> 2.13.6
