mem: fix possible integer overflow
It is possible to get an integer overflow if we try to reserve a memzone with len = 0 (meaning the maximum contiguous space available) and the maximum available elem size is less than (MALLOC_ELEM_OVERHEAD + align). Coverity issue: 107111 Fixes: fafcc11985a2 ("mem: rework memzone to be allocated by malloc") Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This commit is contained in:
parent
3f0339efc1
commit
d4ee3c61c0
@ -119,6 +119,9 @@ find_heap_max_free_elem(int *s, unsigned align)
|
||||
}
|
||||
}
|
||||
|
||||
if (len < MALLOC_ELEM_OVERHEAD + align)
|
||||
return 0;
|
||||
|
||||
return len - MALLOC_ELEM_OVERHEAD - align;
|
||||
}
|
||||
|
||||
@ -197,8 +200,13 @@ memzone_reserve_aligned_thread_unsafe(const char *name, size_t len,
|
||||
if (len == 0) {
|
||||
if (bound != 0)
|
||||
requested_len = bound;
|
||||
else
|
||||
else {
|
||||
requested_len = find_heap_max_free_elem(&socket_id, align);
|
||||
if (requested_len == 0) {
|
||||
rte_errno = ENOMEM;
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (socket_id == SOCKET_ID_ANY)
|
||||
|
Loading…
x
Reference in New Issue
Block a user