>Tainted and unvalidated integer 'idx' used as an index, which may >lead to buffer overflow. > >This patch fixed it. > >Fixes: 89e5eb118017 ("app/testeventdev: add string parsing helpers") >Cc: sta...@dpdk.org > >Signed-off-by: Min Hu (Connor) <humi...@huawei.com>
Acked-by: Pavan Nikhilesh <pbhagavat...@marvell.com>
>---
> app/test-eventdev/evt_options.c | 4 ++--
> app/test-eventdev/parser.c | 6 ++++--
> app/test-eventdev/parser.h | 2 +-
> 3 files changed, 7 insertions(+), 5 deletions(-)
>
>diff --git a/app/test-eventdev/evt_options.c b/app/test-
>eventdev/evt_options.c
>index 0d55405..061b63e 100644
>--- a/app/test-eventdev/evt_options.c
>+++ b/app/test-eventdev/evt_options.c
>@@ -221,7 +221,7 @@ evt_parse_plcores(struct evt_options *opt,
>const char *corelist)
> {
> int ret;
>
>- ret = parse_lcores_list(opt->plcores, corelist);
>+ ret = parse_lcores_list(opt->plcores, RTE_MAX_LCORE,
>corelist);
> if (ret == -E2BIG)
> evt_err("duplicate lcores in plcores");
>
>@@ -233,7 +233,7 @@ evt_parse_work_lcores(struct evt_options
>*opt, const char *corelist)
> {
> int ret;
>
>- ret = parse_lcores_list(opt->wlcores, corelist);
>+ ret = parse_lcores_list(opt->wlcores, RTE_MAX_LCORE,
>corelist);
> if (ret == -E2BIG)
> evt_err("duplicate lcores in wlcores");
>
>diff --git a/app/test-eventdev/parser.c b/app/test-eventdev/parser.c
>index 24f1855..7a973cb 100644
>--- a/app/test-eventdev/parser.c
>+++ b/app/test-eventdev/parser.c
>@@ -310,7 +310,7 @@ parse_hex_string(char *src, uint8_t *dst,
>uint32_t *size)
> }
>
> int
>-parse_lcores_list(bool lcores[], const char *corelist)
>+parse_lcores_list(bool lcores[], int lcores_num, const char *corelist)
> {
> int i, idx = 0;
> int min, max;
>@@ -332,6 +332,8 @@ parse_lcores_list(bool lcores[], const char
>*corelist)
> if (*corelist == '\0')
> return -1;
> idx = strtoul(corelist, &end, 10);
>+ if (idx < 0 || idx > lcores_num)
>+ return -1;
>
> if (end == NULL)
> return -1;
>@@ -343,7 +345,7 @@ parse_lcores_list(bool lcores[], const char
>*corelist)
> max = idx;
> if (min == RTE_MAX_LCORE)
> min = idx;
>- for (idx = min; idx <= max; idx++) {
>+ for (idx = min; idx < max; idx++) {
> if (lcores[idx] == 1)
> return -E2BIG;
> lcores[idx] = 1;
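Review bot: Both call sites in evt_options.c pass the literal `RTE_MAX_LCORE` as the bound instead of deriving it from the array being filled, so the new check is only as good as the assumption that `opt->plcores` and `opt->wlcores` are declared with exactly that many elements; their declarations are not visible in this patch. Passing `RTE_DIM(opt->plcores)` in evt_parse_plcores() and `RTE_DIM(opt->wlcores)` in evt_parse_work_lcores() would keep the bound tied to the storage if either array is ever resized. Both function bodies continue outside their hunks.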
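Review bot: The added guard `if (idx < 0 || idx > lcores_num)` in parse_lcores_list() still accepts `idx == lcores_num`, one past the last valid slot, and the last hunk compensates by narrowing the fill loop to `idx < max`, which leaves `lcores[max]` unset. From the visible lines, when `min` and `max` are both set to the same `idx` the loop body never runs, so a single-core entry marks nothing and every range drops its last core. Rejecting with `if (idx < 0 || idx >= lcores_num) return -1;` and keeping `for (idx = min; idx <= max; idx++)` bounds every write without changing what the list means. The check is also applied after the `unsigned long` result of strtoul() has been narrowed to `int`, so an oversized value can be truncated into the accepted range; comparing the `unsigned long` against the bound before assigning to `idx` would close that. The function body starts and ends outside these hunks, so how `min` and `max` are reset between entries is not visible here.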
>diff --git a/app/test-eventdev/parser.h b/app/test-eventdev/parser.h
>index 673ff22..696b40a 100644
>--- a/app/test-eventdev/parser.h
>+++ b/app/test-eventdev/parser.h
>@@ -46,5 +46,5 @@ int parse_hex_string(char *src, uint8_t *dst,
>uint32_t *size);
>
> int parse_tokenize_string(char *string, char *tokens[], uint32_t
>*n_tokens);
>
>-int parse_lcores_list(bool lcores[], const char *corelist);
>+int parse_lcores_list(bool lcores[], int lcores_num, const char
>*corelist);
> #endif
>--
>2.7.4