Hi Emmanuel, > -----Original Message----- > From: Emmanuel Roullit [mailto:emmanuel.roul...@gmail.com] > Sent: Tuesday, January 24, 2017 8:39 PM > To: Dumitrescu, Cristian <cristian.dumitre...@intel.com> > Cc: dev@dpdk.org; sta...@dpdk.org > Subject: [PATCH] rte_table: ensure prev bucket has a valid pointer > > Fixes: 43f15e28377f ("table: fix verification on hash bucket header > alignment") > > Signed-off-by: Emmanuel Roullit <emmanuel.roul...@gmail.com> > --- > lib/librte_table/rte_table_hash_key16.c | 7 +++++-- > lib/librte_table/rte_table_hash_key32.c | 7 +++++-- > 2 files changed, 10 insertions(+), 4 deletions(-) > > diff --git a/lib/librte_table/rte_table_hash_key16.c > b/lib/librte_table/rte_table_hash_key16.c > index 08d4d77eb..9c04e7f5e 100644 > --- a/lib/librte_table/rte_table_hash_key16.c > +++ b/lib/librte_table/rte_table_hash_key16.c > @@ -483,8 +483,11 @@ rte_table_hash_entry_add_key16_ext( > > bucket = (struct rte_bucket_4_16 *) &f->memory[(f- > >n_buckets + > bucket_index) * f->bucket_size]; > - bucket_prev->next = bucket; > - bucket_prev->next_valid = 1; > + > + if (bucket_prev) { > + bucket_prev->next = bucket; > + bucket_prev->next_valid = 1; > + } > > bucket->signature[0] = signature; > memcpy(bucket->key[0], key, f->key_size); > diff --git a/lib/librte_table/rte_table_hash_key32.c > b/lib/librte_table/rte_table_hash_key32.c > index 161f6b7a7..27e221be9 100644 > --- a/lib/librte_table/rte_table_hash_key32.c > +++ b/lib/librte_table/rte_table_hash_key32.c > @@ -471,8 +471,11 @@ rte_table_hash_entry_add_key32_ext( > bucket = (struct rte_bucket_4_32 *) > &f->memory[(f->n_buckets + bucket_index) * > f->bucket_size]; > - bucket_prev->next = bucket; > - bucket_prev->next_valid = 1; > + > + if (bucket_prev) { > + bucket_prev->next = bucket; > + bucket_prev->next_valid = 1; > + } > > bucket->signature[0] = signature; > memcpy(bucket->key[0], key, f->key_size); > -- > 2.11.0
Each table bucket is initialized with a group of 4 entries which can be further extended with one (or several) groups of 4 entries (we also call a group of 4 entries as a bucket). Therefore, there is no way bucket_prev could be NULL. Were you able to hit a case with bucket_prev == NULL at run-time, or was this produced by a code analysis tool (in which case this is likely a false positive)? Regards, Cristian
