mem: fix possible integer overflow

It is possible to get an integer overflow if we try to reserve a memzone
with len = 0 (meaning the maximum contiguous space available) and the
maximum available elem size is less than (MALLOC_ELEM_OVERHEAD + align).

Coverity issue: 107111

Fixes: fafcc11985a2 ("mem: rework memzone to be allocated by malloc")

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This commit is contained in:
Sergio Gonzalez Monroy 2016-06-14 19:07:18 +01:00 committed by Thomas Monjalon
parent 3f0339efc1
commit d4ee3c61c0

@ -119,6 +119,9 @@ find_heap_max_free_elem(int *s, unsigned align)
}
}
if (len < MALLOC_ELEM_OVERHEAD + align)
return 0;
return len - MALLOC_ELEM_OVERHEAD - align;
}
@ -197,8 +200,13 @@ memzone_reserve_aligned_thread_unsafe(const char *name, size_t len,
if (len == 0) {
if (bound != 0)
requested_len = bound;
else
else {
requested_len = find_heap_max_free_elem(&socket_id, align);
if (requested_len == 0) {
rte_errno = ENOMEM;
return NULL;
}
}
}
if (socket_id == SOCKET_ID_ANY)