> -----Original Message-----
> From: dev <dev-boun...@dpdk.org> On Behalf Of Wei Huang
> Sent: 2020年10月30日 8:22
> To: dev@dpdk.org; Xu, Rosen <rosen...@intel.com>; Zhang, Qi Z
> <qi.z.zh...@intel.com>
> Cc: Huang, Wei <wei.hu...@intel.com>
> Subject: [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free
>
> In rte_fpga_do_pr, calling function read() may taints argument buffer which
> turn to an untrusted value as argumen of rte_free().
>
> Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")
It is better add Coverity issue number , like "Coverity issue: xxxx ".
Missing “Cc: sta...@dpdk.org”.
>
> Signed-off-by: Wei Huang <wei.hu...@intel.com>
> ---
> v2: add fixes information to log
> ---
> drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/raw/ifpga/ifpga_rawdev.c
> b/drivers/raw/ifpga/ifpga_rawdev.c
> index f9de167..27129b1 100644
> --- a/drivers/raw/ifpga/ifpga_rawdev.c
> +++ b/drivers/raw/ifpga/ifpga_rawdev.c
> @@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
> int file_fd;
> int ret = 0;
> ssize_t buffer_size;
> - void *buffer;
> + void *buffer, *buf_to_free;
> u64 pr_error;
>
> if (!file_name)
> @@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
> ret = -ENOMEM;
> goto close_fd;
> }
> + buf_to_free = buffer;
>
> /*read the raw data*/
> if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) { @@
> -835,8
> +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
> }
>
> free_buffer:
> - if (buffer)
> - rte_free(buffer);
> + if (buf_to_free)
> + rte_free(buf_to_free);
> close_fd:
> close(file_fd);
> file_fd = 0;
> --
> 2.7.3
