GCC 12 raises the following warning:
In file included from ../lib/mempool/rte_mempool.h:46,
from ../lib/mbuf/rte_mbuf.h:38,
from ../lib/vhost/vhost_crypto.c:7:
../lib/vhost/vhost_crypto.c: In function ‘rte_vhost_crypto_fetch_requests’:
../lib/eal/x86/include/rte_memcpy.h:371:9: warning: array subscript 1 is
outside array bounds of ‘struct virtio_crypto_op_data_req[1]’
[-Warray-bounds]
371 | rte_mov32((uint8_t *)dst + 3 * 32, (const uint8_t *)src + 3 * 32);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/vhost/vhost_crypto.c:1178:42: note: while referencing ‘req’
1178 | struct virtio_crypto_op_data_req req;
| ^~~
Check that copied length is within req boundaries.
Fixes: 3c79609fda7c ("vhost/crypto: handle virtually non-contiguous buffers")
Cc: sta...@dpdk.org
Signed-off-by: David Marchand <david.march...@redhat.com>
---
lib/vhost/vhost_crypto.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
index b1c0eb6a0f..83325b7042 100644
--- a/lib/vhost/vhost_crypto.c
+++ b/lib/vhost/vhost_crypto.c
@@ -576,16 +576,16 @@ copy_data(void *dst_data, struct vhost_crypto_data_req
*vc_req,
uint32_t to_copy;
uint8_t *data = dst_data;
uint8_t *src;
- int left = size;
+ uint32_t left = size;
- to_copy = RTE_MIN(desc->len, (uint32_t)left);
+ to_copy = RTE_MIN(desc->len, left);
dlen = to_copy;
src = IOVA_TO_VVA(uint8_t *, vc_req, desc->addr, &dlen,
VHOST_ACCESS_RO);
- if (unlikely(!src || !dlen))
+ if (unlikely(!src || !dlen || dlen > left))
return -1;
- rte_memcpy((uint8_t *)data, src, dlen);
+ rte_memcpy(data, src, dlen);
data += dlen;
if (unlikely(dlen < to_copy)) {
--
2.36.1
