On 11/6/2018 9:48 PM, Stephen Hemminger wrote:
> The pci_resource_by_index called strlen() on uninitialized
> memory which would lead to the wrong size of memory allocated
> for the path portion of the resource map. This would either cause
> excessively large allocation, or worse memory corruption.
Yes this may corrupt memory, I wonder how nobody hit this. I am for including
the fix for the release.
>
> Coverity Issue: 300868
> Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
> Signed-off-by: Stephen Hemminger <step...@networkplumber.org>
> ---
> drivers/bus/pci/linux/pci_uio.c | 29 ++++++++++++++---------------
> 1 file changed, 14 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c
> index a7c14421aa79..112ac51dddcc 100644
> --- a/drivers/bus/pci/linux/pci_uio.c
> +++ b/drivers/bus/pci/linux/pci_uio.c
> @@ -295,14 +295,6 @@ pci_uio_map_resource_by_index(struct rte_pci_device
> *dev, int res_idx,
> loc = &dev->addr;
> maps = uio_res->maps;
>
> - /* allocate memory to keep path */
> - maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
> - if (maps[map_idx].path == NULL) {
> - RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
> - strerror(errno));
> - return -1;
> - }
What about simply:
- maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
+ maps[map_idx].path = rte_malloc(NULL, sizeof(devname) + 1, 0);
