malloc: fix out-of-bounds segment array access

Technically, while the pointer would've been invalid if msl_idx were invalid, we wouldn't have actually attempted to access the pointer until verifying the index. Fix it by moving array access to after we've verified validity of the index. Coverity issue: 272574 Fixes: 66cc45e293ed ("mem: replace memseg with memseg lists") Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
2018-04-16 17:45:00 +01:00 · 2018-04-16 17:45:00 +01:00 · 0af8db3172
commit 0af8db3172
parent 627e80e4f6
1 changed files with 2 additions and 1 deletions
--- a/lib/librte_eal/common/malloc_heap.c
+++ b/lib/librte_eal/common/malloc_heap.c
@ -99,11 +99,12 @@ malloc_add_seg(const struct rte_memseg_list *msl,

 	/* msl is const, so find it */
 	msl_idx = msl - mcfg->memsegs;
-	found_msl = &mcfg->memsegs[msl_idx];

 	if (msl_idx < 0 || msl_idx >= RTE_MAX_MEMSEG_LISTS)
 		return -1;

+	found_msl = &mcfg->memsegs[msl_idx];
+
 	malloc_heap_add_memory(heap, found_msl, ms->addr, len);

 	RTE_LOG(DEBUG, EAL, "Added %zuM to heap on socket %i\n", len >> 20,