Message ID | 1459784718-22856-1-git-send-email-olivier.matz@6wind.com (mailing list archive) |
---|---|
State | Accepted, archived |
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 1219E293B; Mon, 4 Apr 2016 17:46:03 +0200 (CEST) Received: from proxy.6wind.com (host.76.145.23.62.rev.coltfrance.com [62.23.145.76]) by dpdk.org (Postfix) with ESMTP id 658E1292D for <dev@dpdk.org>; Mon, 4 Apr 2016 17:46:02 +0200 (CEST) Received: from glumotte.dev.6wind.com (unknown [10.16.0.195]) by proxy.6wind.com (Postfix) with ESMTP id B11A525FB4; Mon, 4 Apr 2016 17:45:19 +0200 (CEST) From: Olivier Matz <olivier.matz@6wind.com> To: dev@dpdk.org Cc: john.mcnamara@intel.com Date: Mon, 4 Apr 2016 17:45:18 +0200 Message-Id: <1459784718-22856-1-git-send-email-olivier.matz@6wind.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <B27915DBBA3421428155699D51E4CFE20249A478@IRSMSX103.ger.corp.intel.com> References: <B27915DBBA3421428155699D51E4CFE20249A478@IRSMSX103.ger.corp.intel.com> Subject: [dpdk-dev] [PATCH] xstats: fix behavior when a null array is provided X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Olivier Matz
April 4, 2016, 3:45 p.m. UTC
Coverity reports an issue in ethdev: *** CID 124562: Null pointer dereferences (FORWARD_NULL) /lib/librte_ether/rte_ethdev.c: 1518 in rte_eth_xstats_get() 1512 1513 /* global stats */ 1514 for (i = 0; i < RTE_NB_STATS; i++) { 1515 stats_ptr = RTE_PTR_ADD(ð_stats, 1516 rte_stats_strings[i].offset); 1517 val = *stats_ptr; >>> CID 124562: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "xstats". 1518 snprintf(xstats[count].name, sizeof(xstats[count].name), 1519 "%s", rte_stats_strings[i].name); 1520 xstats[count++].value = val; 1521 } 1522 1523 /* per-rxq stats */ If a user calls rte_eth_xstats_get(portid, NULL, n) with n != 0, it may result in a crash. Although the API documentation says that n is the size of the table and xstats can be NULL if n == 0, we can add an additional check here to make Coverity happy. In that case, the return value is the same than when n == 0 is passed, it returns the number of statistics. Fixes: ce757f5c9a ("ethdev: new method to retrieve extended statistics") Signed-off-by: Olivier Matz <olivier.matz@6wind.com> --- lib/librte_ether/rte_ethdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Comments
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Olivier Matz > Subject: [dpdk-dev] [PATCH] xstats: fix behavior when a null array is provided > > Coverity reports an issue in ethdev: > > *** CID 124562: Null pointer dereferences (FORWARD_NULL) > /lib/librte_ether/rte_ethdev.c: 1518 in rte_eth_xstats_get() > 1512 > 1513 /* global stats */ > 1514 for (i = 0; i < RTE_NB_STATS; i++) { > 1515 stats_ptr = RTE_PTR_ADD(ð_stats, > 1516 > rte_stats_strings[i].offset); > 1517 val = *stats_ptr; > >>> CID 124562: Null pointer dereferences (FORWARD_NULL) > >>> Dereferencing null pointer "xstats". > 1518 snprintf(xstats[count].name, > sizeof(xstats[count].name), > 1519 "%s", rte_stats_strings[i].name); > 1520 xstats[count++].value = val; > 1521 } > 1522 > 1523 /* per-rxq stats */ > > If a user calls rte_eth_xstats_get(portid, NULL, n) with n != 0, > it may result in a crash. Although the API documentation says that > n is the size of the table and xstats can be NULL if n == 0, we > can add an additional check here to make Coverity happy. > > In that case, the return value is the same than when n == 0 is > passed, it returns the number of statistics. > > Fixes: ce757f5c9a ("ethdev: new method to retrieve extended statistics") > Signed-off-by: Olivier Matz <olivier.matz@6wind.com> I'm unsure on how verbose commit messages are ideal, but there's certainly enough description here :) Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
2016-04-05 11:06, Van Haaren, Harry: > > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Olivier Matz > > Subject: [dpdk-dev] [PATCH] xstats: fix behavior when a null array is provided > > > > Coverity reports an issue in ethdev: > > > > *** CID 124562: Null pointer dereferences (FORWARD_NULL) > > /lib/librte_ether/rte_ethdev.c: 1518 in rte_eth_xstats_get() > > 1512 > > 1513 /* global stats */ > > 1514 for (i = 0; i < RTE_NB_STATS; i++) { > > 1515 stats_ptr = RTE_PTR_ADD(ð_stats, > > 1516 > > rte_stats_strings[i].offset); > > 1517 val = *stats_ptr; > > >>> CID 124562: Null pointer dereferences (FORWARD_NULL) > > >>> Dereferencing null pointer "xstats". > > 1518 snprintf(xstats[count].name, > > sizeof(xstats[count].name), > > 1519 "%s", rte_stats_strings[i].name); > > 1520 xstats[count++].value = val; > > 1521 } > > 1522 > > 1523 /* per-rxq stats */ > > > > If a user calls rte_eth_xstats_get(portid, NULL, n) with n != 0, > > it may result in a crash. Although the API documentation says that > > n is the size of the table and xstats can be NULL if n == 0, we > > can add an additional check here to make Coverity happy. > > > > In that case, the return value is the same than when n == 0 is > > passed, it returns the number of statistics. > > > > Fixes: ce757f5c9a ("ethdev: new method to retrieve extended statistics") > > Signed-off-by: Olivier Matz <olivier.matz@6wind.com> > > I'm unsure on how verbose commit messages are ideal, > but there's certainly enough description here :) > > Acked-by: Harry van Haaren <harry.van.haaren@intel.com> Applied, thanks
diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c index 76a30fd..60d2573 100644 --- a/lib/librte_ether/rte_ethdev.c +++ b/lib/librte_ether/rte_ethdev.c @@ -1503,7 +1503,7 @@ rte_eth_xstats_get(uint8_t port_id, struct rte_eth_xstats *xstats, return xcount; } - if (n < count + xcount) + if (n < count + xcount || xstats == NULL) return count + xcount; /* now fill the xstats structure */