[dpdk-dev] [PATCH] net/e1000: fix memcpy length error

Tue, 12 Sep 2017 05:58:16 -0700 

The size of "flex_filter.filter_info.mask" and "filter->mask" is 16
bytes, but the length of memcpy--"RTE_ALIGN(filter->len, sizeof(char))
/ sizeof(char)" may reach 128 bytes which may cause array access out
of bound. Fix it by replacing "sizeof(char)" by "CHAR_BIT".

Signed-off-by: Yong Wang <wang.yon...@zte.com.cn>
---
 drivers/net/e1000/igb_ethdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/e1000/igb_ethdev.c b/drivers/net/e1000/igb_ethdev.c
index e4f7a9f..8078a1e 100644
--- a/drivers/net/e1000/igb_ethdev.c
+++ b/drivers/net/e1000/igb_ethdev.c
@@ -4094,7 +4094,7 @@ static void igbvf_set_vfta_all(struct rte_eth_dev *dev, 
bool on)
        flex_filter.filter_info.priority = filter->priority;
        memcpy(flex_filter.filter_info.dwords, filter->bytes, filter->len);
        memcpy(flex_filter.filter_info.mask, filter->mask,
-                       RTE_ALIGN(filter->len, sizeof(char)) / sizeof(char));
+                       RTE_ALIGN(filter->len, CHAR_BIT) / CHAR_BIT);
 
        it = eth_igb_flex_filter_lookup(&filter_info->flex_list,
                                &flex_filter.filter_info);
-- 
1.8.3.1

Reply via email to