Re: [dpdk-dev] [PATCH] app/testpmd: fix invalid memory access

Tue, 08 May 2018 01:32:17 -0700 

Hi Zhao Wei:

> -----Original Message-----
> From: Zhao1, Wei
> Sent: Tuesday, May 8, 2018 2:24 PM
> To: Zhang, Qi Z <qi.z.zh...@intel.com>; adrien.mazarg...@6wind.com
> Cc: Peng, Yuan <yuan.p...@intel.com>; dev@dpdk.org
> Subject: RE: [PATCH] app/testpmd: fix invalid memory access
> 
> Hi, zhang qi
>   This  fix patch to DPDK.or is also useful for igb flex byte core dump issue.
> I have validation it. But there is some patch check warning.
> https://dpdk.org/dev/patchwork/patch/39417/

Thanks for testing, I will capture the typo if Adrien agree with the fix.

Regards
Qi

> 
> 
> 
> > -----Original Message-----
> > From: Zhang, Qi Z
> > Sent: Monday, May 7, 2018 5:51 PM
> > To: adrien.mazarg...@6wind.com
> > Cc: Peng, Yuan <yuan.p...@intel.com>; Zhao1, Wei
> <wei.zh...@intel.com>;
> > dev@dpdk.org; Zhang, Qi Z <qi.z.zh...@intel.com>
> > Subject: [PATCH] app/testpmd: fix invalid memory access
> >
> > When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask
> > mask->length is not the real size of binary pattern, it should take
> > spec->length, or memory size will be over counted (0xffff) and invalid
> > memory be access during following memcpy.
> >
> > Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration")
> >
> > Signed-off-by: Qi Zhang <qi.z.zh...@intel.com>
> > ---
> >  app/test-pmd/config.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c index
> > 16fc481ce..bcaf429c4 100644
> > --- a/app/test-pmd/config.c
> > +++ b/app/test-pmd/config.c
> > @@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct
> > rte_flow_item *item,
> >             dst.raw = buf;
> >             off = RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw),
> >                                  sizeof(*src.raw->pattern));
> > -           size = off + src.raw->length * sizeof(*src.raw->pattern);
> > +           size = off + ((const struct rte_flow_item_raw *)item->spec)->
> > +                   length * sizeof(*src.raw->pattern);
> >             if (dst.raw) {
> >                     memcpy(dst.raw, src.raw, sizeof(*src.raw));
> >                     dst.raw->pattern = memcpy((uint8_t *)dst.raw + off,
> > --
> > 2.13.6

Reply via email to