http://bugs.dpdk.org/show_bug.cgi?id=1859
Bug ID: 1859
Summary: common/cnxk: out of bounds access
Product: DPDK
Version: 25.11
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Gcc 16 detects out of bounds array access:
In function ‘nix_inl_selftest_work_cb’,
inlined from ‘inl_outb_soft_exp_poll’ at
../drivers/common/cnxk/roc_nix_inl_dev.c:1173:4,
inlined from ‘nix_inl_outb_poll_thread’ at
../drivers/common/cnxk/roc_nix_inl_dev.c:1201:6:
../drivers/common/cnxk/roc_nix_inl_dev.c:43:19: warning: array subscript 1 is
outside array bounds of ‘uint64_t[1]’ {aka ‘long unsigned int[1]’}
[-Warray-bounds=]
43 | uintptr_t work = gw[1];
| ^~~~
../drivers/common/cnxk/roc_nix_inl_dev.c: In function
‘nix_inl_outb_poll_thread’:
../drivers/common/cnxk/roc_nix_inl_dev.c:1172:34: note: at offset 8 into object
‘tmp’ of size 8
1172 | uint64_t tmp = ~(uint32_t)0x0;
| ^~~
The code in question is:
static void
inl_outb_soft_exp_poll(struct nix_inl_dev *inl_dev, uint32_t ring_idx)
{
... if (sa != NULL) {
uint64_t tmp = ~(uint32_t)0x0;
inl_dev->work_cb(&tmp, sa, NIX_INL_SOFT_EXPIRY_THRD,
NULL, port_id);
...
static void
nix_inl_selftest_work_cb(uint64_t *gw, void *args, enum nix_inl_event_type
type, void *cq_s,
uint32_t port_id)
{
uintptr_t work = gw[1];
(void)type;
(void)cq_s;
(void)port_id;
*((uintptr_t *)args + (gw[0] & 0x1)) = work;
plt_atomic_thread_fence(__ATOMIC_ACQ_REL);
}
I.e tmp is 64 bits, and work_cb is referencing outside of that.
--
You are receiving this mail because:
You are the assignee for the bug.
