d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bitmap: fix buffer overrun in bitmap init

Browse Source 
Bitmap initialization function is allowed to memset()
caller-provided buffer with number of bytes exceeded
this buffer size. This happens due to wrong comparison
sign between buffer size and number of bytes required
to initialize bitmap.

Fixes: 602c9ca33a4 ("sched: bitmap is now dynamically allocated")
Cc: stable@dpdk.org

Reported-by: Andy Moreton <amoreton@xilinx.com>
Signed-off-by: Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
Signed-off-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
This commit is contained in:
Ivan Ilchenko 2021-06-02 12:49:22 +03:00 committed by David Marchand
parent 469d5c0215
commit 1ffd3bc125
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/eal/include/rte_bitmap.h
View File

@ -185,9 +185,8 @@ rte_bitmap_init(uint32_t n_bits, uint8_t *mem, uint32_t mem_size)
size = __rte_bitmap_get_memory_footprint(n_bits,
&array1_byte_offset, &array1_slabs,
&array2_byte_offset, &array2_slabs);
if (size < mem_size) {
if (size > mem_size)
return NULL;
}
/* Setup bitmap */
memset(mem, 0, size);