Ping..
-----Original Message-----
From: Rahul Bhansali <rbhans...@marvell.com>
Sent: Tuesday, January 11, 2022 6:20 PM
To: dev@dpdk.org; conor.wa...@intel.com; david.march...@redhat.com
Cc: Rahul Bhansali <rbhans...@marvell.com>
Subject: [PATCH] examples/l3fwd: resolve stack buffer overflow issue
This patch fixes the stack buffer overflow error reported from AddressSanitizer.
Function send_packetsx4() tries to access out of bound data from rte_mbuf and
fill it into TX buffer even in the case where no pending packets (len = 0).
Performance impact:- No
ASAN error report:-
==819==ERROR: AddressSanitizer: stack-buffer-overflow on address
0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800 READ of
size 8 at 0xffffe2c0dcf0 thread T0
#0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251
#1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226
Signed-off-by: Rahul Bhansali <rbhans...@marvell.com>
---
examples/l3fwd/l3fwd_common.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/examples/l3fwd/l3fwd_common.h b/examples/l3fwd/l3fwd_common.h
index 7d83ff641a..de77711f88 100644
--- a/examples/l3fwd/l3fwd_common.h
+++ b/examples/l3fwd/l3fwd_common.h
@@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port,
struct rte_mbuf *m[],
/* copy rest of the packets into the TX buffer. */
len = num - n;
+ if (len == 0)
+ goto exit;
+
j = 0;
switch (len % FWDSTEP) {
while (j < len) {
@@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port,
struct rte_mbuf *m[],
}
}
+exit:
qconf->tx_mbufs[port].len = len;
}
--
2.25.1
