On 25-Apr-18 9:24 AM, Tan, Jianfeng wrote:
On 4/17/2018 11:48 PM, Anatoly Burakov wrote:
Return value from rte_socket_id_by_idx() may be negative, which would
result in negative index access.
Additionally, return value was of mismatched type (function returns
signed int, socket id was unsigned).
Coverity issue: 272571
Coverity issue: 272597
Fixes: 30bc6bf0d516 ("malloc: add function to dump heap contents")
Cc: anatoly.bura...@intel.com
Signed-off-by: Anatoly Burakov <anatoly.bura...@intel.com>
---
lib/librte_eal/common/rte_malloc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/librte_eal/common/rte_malloc.c
b/lib/librte_eal/common/rte_malloc.c
index b51a6d1..f207ba2 100644
--- a/lib/librte_eal/common/rte_malloc.c
+++ b/lib/librte_eal/common/rte_malloc.c
@@ -169,7 +169,11 @@ rte_malloc_dump_heaps(FILE *f)
unsigned int idx;
for (idx = 0; idx < rte_socket_count(); idx++) {
- unsigned int socket = rte_socket_id_by_idx(idx);
+ int socket = rte_socket_id_by_idx(idx);
+ if (socket < 0) {
+ RTE_LOG(ERR, EAL, "Invalid socket index: %u\n", idx);
+ continue;
+ }
For such check (and many others), we are clear that idx is guaranteed by
rte_socket_count(), so rte_socket_id_by_idx() can never return -1. So
why not just reporting this as false-positive?
Well, technically, if someone were to corrupt rte_config, it would
introduce a possibility of a negative return. However, i guess, at that
point we've got bigger problems, so perhaps you're right and i should
drop these fixes.
Thanks,
Jianfeng
fprintf(f, "Heap on socket %i:\n", socket);
malloc_heap_dump(&mcfg->malloc_heaps[socket], f);
}
--
Thanks,
Anatoly
