[v3,1/2] test/mempool: fix heap buffer overflow
Checks
Commit Message
The function rte_pktmbuf_init() expects that the mempool private area is
large enough and was previously initialized by rte_pktmbuf_pool_init(),
which is not the case.
This causes the function rte_pktmbuf_priv_size() to return an
unpredictable value, and this value is used as a size in a memset.
Replace the mempool object initializer by my_obj_init(), which does not
have this constraint, and fits the needs for this test.
Fixes: 923ceaeac140 ("test/mempool: add unit test cases")
Cc: stable@dpdk.org
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
app/test/test_mempool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
27/04/2021 15:56, Olivier Matz:
> The function rte_pktmbuf_init() expects that the mempool private area is
> large enough and was previously initialized by rte_pktmbuf_pool_init(),
> which is not the case.
>
> This causes the function rte_pktmbuf_priv_size() to return an
> unpredictable value, and this value is used as a size in a memset.
>
> Replace the mempool object initializer by my_obj_init(), which does not
> have this constraint, and fits the needs for this test.
>
> Fixes: 923ceaeac140 ("test/mempool: add unit test cases")
> Cc: stable@dpdk.org
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
Replaced with Reported-by and added Olivier's signature
to match patch authorship.
Series applied, thanks.
@@ -552,7 +552,7 @@ test_mempool(void)
GOTO_ERR(ret, err);
/* test to initialize mempool objects and memory */
- nb_objs = rte_mempool_obj_iter(mp_stack_mempool_iter, rte_pktmbuf_init,
+ nb_objs = rte_mempool_obj_iter(mp_stack_mempool_iter, my_obj_init,
NULL);
if (nb_objs == 0)
GOTO_ERR(ret, err);