> -----Original Message----- > From: Simon K?gstr?m [mailto:simon.kagstrom at netinsight.net] > Sent: Friday, October 16, 2015 9:49 AM > To: Dumitrescu, Cristian <cristian.dumitrescu at intel.com>; dev at dpdk.org > Subject: Unsafe array accesses in rte_sched.c > > Hi! > > I'm investigating DPDK support for pacing output streams and trying to > understand the QoS framework. However, I quickly found some instances of > unsafe array accesses. E.g., the rte_sched_port_config_qsize function > looks like this: > > static void > rte_sched_port_config_qsize(struct rte_sched_port *port) > { > /* TC 0 */ > port->qsize_add[0] = 0; > port->qsize_add[1] = port->qsize_add[0] + port->qsize[0]; > port->qsize_add[2] = port->qsize_add[1] + port->qsize[0]; > port->qsize_add[3] = port->qsize_add[2] + port->qsize[0]; > > [...] > > /* TC 3 */ > port->qsize_add[12] = port->qsize_add[11] + port->qsize[2]; > port->qsize_add[13] = port->qsize_add[12] + port->qsize[3]; > port->qsize_add[14] = port->qsize_add[13] + port->qsize[3]; > port->qsize_add[15] = port->qsize_add[14] + port->qsize[3]; > > port->qsize_sum = port->qsize_add[15] + port->qsize[3]; > } > > but port->qsize is actually defined as > > uint16_t qsize[RTE_SCHED_TRAFFIC_CLASSES_PER_PIPE]; >
Not sure what you see "unsafe" here: qsize is an array of 4 elements, while qsize_add is a different array of 16 elements? Please explain. > There are similar problems in rte_sched_port_log_pipe_profile() and > probably other places. > > > I don't understand the code well enough to send patches for these, > although the fixes should be fairly trivial. Perhaps this is already > known as it should be fairly easy to trigger with static checkers? > > // Simon
