[dpdk-dev] [PATCH v3] eal: out-of-bounds write

[Slawomir Mrozowicz]

Overrunning array mcfg->memseg of 256 44-byte elements
at element index 257 using index j.
Fixed by add condition with message information.

Fixes: af75078fece3 ("first public release")
Coverity ID 13282

Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz at intel.com>
---
 lib/librte_eal/linuxapp/eal/eal_memory.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c 
b/lib/librte_eal/linuxapp/eal/eal_memory.c
index 5b9132c..6a2daf5 100644
--- a/lib/librte_eal/linuxapp/eal/eal_memory.c
+++ b/lib/librte_eal/linuxapp/eal/eal_memory.c
@@ -1301,6 +1301,15 @@ rte_eal_hugepage_init(void)
                        break;
                }

+       if (j >= RTE_MAX_MEMSEG) {
+               RTE_LOG(ERR, EAL,
+                       "Failed: all memsegs used by ivshmem.\n"
+                       "Current %d is not enough.\n"
+                       "Please either increase the RTE_MAX_MEMSEG\n",
+                       RTE_MAX_MEMSEG);
+               return -ENOMEM;
+       }
+
        for (i = 0; i < nr_hugefiles; i++) {
                new_memseg = 0;

@@ -1333,8 +1342,14 @@ rte_eal_hugepage_init(void)

                if (new_memseg) {
                        j += 1;
-                       if (j == RTE_MAX_MEMSEG)
-                               break;
+                       if (j >= RTE_MAX_MEMSEG) {
+                               RTE_LOG(ERR, EAL,
+                                       "Failed: all memsegs used by ivshmem.\n"
+                                       "Current %d is not enough.\n"
+                                       "Please either increase the 
RTE_MAX_MEMSEG\n",
+                                       RTE_MAX_MEMSEG);
+                               return -ENOMEM;
+                       }

                        mcfg->memseg[j].phys_addr = hugepage[i].physaddr;
                        mcfg->memseg[j].addr = hugepage[i].final_va;
-- 
1.9.1