> Explicitly check return value in add_specific()
> CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
> 8. negative_returns: Using variable ret as an index to array sad->cnt_arr
>
> Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Vladimir Medvedkin <vladimir.medved...@intel.com>
> ---
> lib/librte_ipsec/ipsec_sad.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
> index 6c95240..3f9533c 100644
> --- a/lib/librte_ipsec/ipsec_sad.c
> +++ b/lib/librte_ipsec/ipsec_sad.c
> @@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
> ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
> rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
> sad->init_val));
> + if (ret < 0)
> + return ret;
> if (key_type == RTE_IPSEC_SAD_SPI_DIP)
> sad->cnt_arr[ret].cnt_dip += notexist;
> else
> --
Acked-by: Konstantin Ananyev <konstantin.anan...@intel.com>
> 2.7.4
