On 4/22/2021 10:22 AM, Min Hu (Connor) wrote:
> Buffer 'test_params->slave_port_ids' of size 6 accessed may
> overflow, since its index 'i' can have value be is out of range.
>
> This patch fixed it.
>
> Fixes: 92073ef961ee ("bond: unit tests")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Min Hu (Connor) <humi...@huawei.com>
> ---
> app/test/test_link_bonding.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c
> index 8a5c831..b5a6042 100644
> --- a/app/test/test_link_bonding.c
> +++ b/app/test/test_link_bonding.c
> @@ -2216,7 +2216,8 @@ test_activebackup_rx_burst(void)
> "failed to get primary slave for bonded port (%d)",
> test_params->bonded_port_id);
>
> - for (i = 0; i < test_params->bonded_slave_count; i++) {
> + for (i = 0; i < test_params->bonded_slave_count &&
> + i < TEST_MAX_NUMBER_OF_PORTS; i++) {
> /* Generate test bursts of packets to transmit */
> TEST_ASSERT_EQUAL(generate_test_burst(
> &gen_pkt_burst[0], burst_size, 0, 1, 0, 0, 0),
>
Hi Connor,
There is nothing wrong with the check you add, but at first place how
'test_params->bonded_slave_count' can become bigger than
'TEST_MAX_NUMBER_OF_PORTS'? Should we fix there, instead of this loop?
Also in same function, there are a few more loops iterate until " <
test_params->bonded_slave_count", so fixing the root case works for them too.
