Hello Vladimir,
On Thu, Jun 2, 2022 at 8:42 PM Medvedkin, Vladimir
<vladimir.medved...@intel.com> wrote:
> > if (!dst) {
> > rte_pktmbuf_free(m);
> > return NULL;
> > }
> > - if (string != NULL)
> > - rte_memcpy(dst, string, t_len);
> > - else
> > - memset(dst, 0, t_len);
> > + if (string != NULL) {
> > + size_t off;
> > +
> > + for (off = 0; off + string_len < len; off +=
> > string_len)
>
> I think it should be off + string_len <= len here, because otherwise, if
> len is a multiple of string_len, the last ret_memcpy (after this loop)
> will copy 0 bytes.
Changing to off + string_len <= len would trigger an oob access to dst
(by one extra byte)?
Otoh, I don't think it is an issue to have a 0-length call to rte_memcpy.
>
> > + rte_memcpy(&dst[off], string, string_len);
> > + rte_memcpy(&dst[off], string, len % string_len);
--
David Marchand
