https://bugs.dpdk.org/show_bug.cgi?id=603
Bug ID: 603
Summary: The variable
drivers/regex/octeontx2/otx2_regexdev.c:pci_id_ree_tab
le is not initialized, which will cause the global
variable to overflow, which is a security risk.
Product: DPDK
Version: 20.08
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: zhihongx.p...@intel.com
Target Milestone: ---
pci_id_ree_table needs to be initialized as:
static struct rte_pci_id pci_id_ree_table[] = {
{ RTE_PCI_DEVICE(PCI_VENDOR_ID_CAVIUM, PCI_DEVID_OCTEONTX2_RVU_REE_PF) }
,
{ .vendor_id = 0, /* sentinel */ }
,
};
Test steps:
1. Compile add option -Db_sanitize=address
CC=gcc meson --werror -Denable_kmods=True -Dlibdir=lib -Dbuildtype=debug
-Db_sanitize=address --default-library=static x86_64-native-linuxapp-gcc
ninja -C x86_64-native-linuxapp-gcc -j 55
2. start dpdp-testpmd
./x86_64-native-linuxapp-gcc/app/dpdk-testpmd -c 0x6 -n 4 – -i
3. a global-buffer-overflow
==42285==ERROR: AddressSanitizer: global-buffer-overflow on address
0x5585c5a18e70 at pc 0x5585c05b0c2d bp 0x7fff3eafa280 sp 0x7fff3eafa270
READ of size 2 at 0x5585c5a18e70 thread T0
#0 0x5585c05b0c2c in rte_pci_match ../drivers/bus/pci/pci_common.c:132
#1 0x5585c05b0c8c in rte_pci_probe_one_driver
../drivers/bus/pci/pci_common.c:177
#2 0x5585c05b19c0 in pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:318
#3 0x5585c05b1a67 in pci_probe ../drivers/bus/pci/pci_common.c:345
--
You are receiving this mail because:
You are the assignee for the bug.
