Hello there,


I hope you’re having a great day.



Using the github.com/Ericsson/codechecker <https://github.com/Ericsson/codechecker> tool, we conducted a static analysis of your software. We detected some potentially critical vulnerabilities related to different areas.



Please check the attached CSV file and make corrections.



Best regards,

Ericsson Team


file-path,line,message,
dpdk-stable-22.11.2/lib/eal/linux/eal_memalloc.c,1643,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/linux/eal_memalloc.c,1711,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/acl/acl_bld.c,908,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/acl/acl_bld.c,908,Out of bound access to memory preceding the field 'value',
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,341,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,377,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,341,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/eal/common/eal_common_interrupts.c,377,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/lib/cfgfile/rte_cfgfile.c,195,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/drivers/net/enetc/enetc_ethdev.c,174,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/drivers/net/enetc/enetc_ethdev.c,180,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/lib/eal/common/eal_common_string_fns.c,76,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/app/test/test_security.c,1528,Address of stack memory associated with local variable 'm' is still referred to by the global variable 'mock_set_pkt_metadata_exp' upon returning to the caller.  This will be a dangling reference,
dpdk-stable-22.11.2/app/test/test_security.c,1528,Address of stack memory associated with local variable 'params' is still referred to by the global variable 'mock_set_pkt_metadata_exp' upon returning to the caller.  This will be a dangling reference,
dpdk-stable-22.11.2/lib/mempool/rte_mempool.c,750,suspicious usage of 'sizeof(sizeof(...))',
dpdk-stable-22.11.2/lib/graph/graph_populate.c,31,suspicious usage of 'sizeof(K)'; did you mean 'K'?,
dpdk-stable-22.11.2/drivers/common/sfc_efx/base/efx_mcdi.c,3553,suspicious usage of 'sizeof(K)'; did you mean 'K'?,
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2022,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2133,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2322,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/hinic/hinic_pmd_flow.c,2360,"argument with implicit conversion from 'bool' to 'u8' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/net/netvsc/hn_rndis.c,332,suspicious usage of 'sizeof(sizeof(...))',
dpdk-stable-22.11.2/app/test-fib/main.c,339,loop induction expression should not have floating-point type,
dpdk-stable-22.11.2/app/test-fib/main.c,379,loop induction expression should not have floating-point type,
dpdk-stable-22.11.2/app/test-sad/main.c,244,loop induction expression should not have floating-point type,
dpdk-stable-22.11.2/lib/cfgfile/rte_cfgfile.c,195,Access out-of-bound array element (buffer overflow),
dpdk-stable-22.11.2/drivers/event/dlb2/dlb2.c,4460,"argument with implicit conversion from 'bool' to 'uint8_t' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
dpdk-stable-22.11.2/drivers/crypto/qat/qat_crypto.c,115,Out of bound access to memory after the end of the field 'qps_in_use',
dpdk-stable-22.11.2/drivers/net/bonding/rte_eth_bond_pmd.c,1099,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/app/test-pmd/parameters.c,1411,Null pointer passed to 1st parameter expecting 'nonnull',
dpdk-stable-22.11.2/app/test/test_cryptodev_asym.c,294,Null pointer passed to 1st parameter expecting 'nonnull',
dpdk-stable-22.11.2/app/test/test_pmd_perf.c,795,Array is indexed with a negative value. Possible integer overflow,
dpdk-stable-22.11.2/app/test/test_pmd_perf.c,795,Out of bound access to memory preceding 'mbufpool',
dpdk-stable-22.11.2/app/test/test_eal_flags.c,583,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,622,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,861,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1207,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1215,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1220,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1234,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1243,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1248,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_eal_flags.c,1532,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_cmdline_ipaddr.c,195,"suspicious string literal, probably missing a comma",
dpdk-stable-22.11.2/app/test/test_reciprocal_division_perf.c,53,Division by zero.,
dpdk-stable-22.11.2/app/test/test_reciprocal_division.c,45,Division by zero.,
dpdk-stable-22.11.2/app/test-pmd/parameters.c,1376,Null pointer passed to 1st parameter expecting 'nonnull',
dpdk-stable-22.11.2/drivers/event/ihqm/ihqm.c,1228,"argument with implicit conversion from 'bool' to 'uint8_t' (aka 'unsigned char') followed by argument converted from 'int' to 'bool', potentially swapped arguments.",
