From: Peng Zhang <peng.zh...@corigine.com>
CI found in the logic of 'nfp_elf_read_first_symtab()' has
dereference after null check problem.
Coverity issue: 415042
Fixes: c82ca09c441c ("net/nfp: add ELF module")
Cc: sta...@dpdk.org
Signed-off-by: Peng Zhang <peng.zh...@corigine.com>
Reviewed-by: Chaoyong He <chaoyong...@corigine.com>
---
drivers/net/nfp/nfpcore/nfp_elf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/nfp/nfpcore/nfp_elf.c
b/drivers/net/nfp/nfpcore/nfp_elf.c
index fbd350589b..268cdb1aff 100644
--- a/drivers/net/nfp/nfpcore/nfp_elf.c
+++ b/drivers/net/nfp/nfpcore/nfp_elf.c
@@ -900,7 +900,8 @@ nfp_elf_read_first_symtab(struct nfp_elf *ectx)
uint64_t sh_size;
struct nfp_elf_elf64_shdr *sec;
- for (idx = 0, sec = ectx->shdrs; idx < ectx->shdrs_cnt; idx++, sec++) {
+ for (idx = 0; idx < ectx->shdrs_cnt; idx++) {
+ sec = &ectx->shdrs[idx];
if (sec != NULL) {
sh_type = rte_le_to_cpu_32(sec->sh_type);
if (sh_type == NFP_ELF_SHT_SYMTAB)
@@ -908,6 +909,9 @@ nfp_elf_read_first_symtab(struct nfp_elf *ectx)
}
}
+ if (sec == NULL)
+ return -EINVAL;
+
sh_size = rte_le_to_cpu_64(sec->sh_size);
if (idx < ectx->shdrs_cnt && sh_type == NFP_ELF_SHT_SYMTAB) {
--
2.39.1
