[3/4] bus/pci/bsd: Eliminate potential overflow

Message ID 20250506174046.1136711-4-jfree@FreeBSD.org (mailing list archive)
State New
Delegated to: Thomas Monjalon
Series BSD PCI Fixes

Checks

Context        Check    Description
ci/checkpatch  success  coding style OK

Commit Message

Jake Freeland May 6, 2025, 5:40 p.m. UTC
When calling rte_pci_write_config(), use memcpy(3) to copy @len bytes
of @buf into local memory instead of casting it to a uint32_t pointer
and dereferencing it. This prevents us from reading data outside of
@buf in the case that @buf has a length less than 32 bits.

Signed-off-by: Jake Freeland <jfree@FreeBSD.org>
---
 drivers/bus/pci/bsd/pci.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
  

Comments

Burakov, Anatoly May 8, 2025, 11:28 a.m. UTC | #1
On 5/6/2025 7:40 PM, Jake Freeland wrote:
> When calling rte_pci_write_config(), use memcpy(3) to copy @len bytes
> of @buf into local memory instead of casting it to a uint32_t pointer
> and dereferencing it. This prevents us from reading data outside of
> @buf in the case that @buf has a length less than 32 bits.
> 
> Signed-off-by: Jake Freeland <jfree@FreeBSD.org>
> ---
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
  

Patch

diff --git a/drivers/bus/pci/bsd/pci.c b/drivers/bus/pci/bsd/pci.c
index 0581daf130..c64cd2c86c 100644
--- a/drivers/bus/pci/bsd/pci.c
+++ b/drivers/bus/pci/bsd/pci.c
@@ -467,7 +467,6 @@  int rte_pci_write_config(const struct rte_pci_device *dev,
 			.pc_func = dev->addr.function,
 		},
 		.pi_reg = offset,
-		.pi_data = *(const uint32_t *)buf,
 		.pi_width = len,
 	};
 
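Review bot: With `.pi_data = *(const uint32_t *)buf,` removed from the initializer, the field now depends on the designated initializer zero-filling it, and that zero fill is what supplies the upper bytes when len is smaller than the field. A one-line comment at the initializer saying pi_data is filled in after the length check would keep a later refactor from turning pi into an uninitialised local or reordering the copy. It is also worth confirming that a partial copy into the start of pi_data is what the ioctl expects on every target this file builds for, since the bytes only land in the low-order position on little-endian hosts.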
@@ -476,7 +475,7 @@  int rte_pci_write_config(const struct rte_pci_device *dev,
 		goto error;
 	}
 
-	memcpy(&pi.pi_data, buf, len);
+	memcpy(&pi.pi_data, buf, MIN(len, sizeof(pi.pi_data)));
 
 	fd = open("/dev/pci", O_RDWR);
 	if (fd < 0) {
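Review bot: The clamp in `memcpy(&pi.pi_data, buf, MIN(len, sizeof(pi.pi_data)));` is not matched by the width passed down, because the initializer in the previous hunk still sets `.pi_width = len,` unclamped. If the check that ends in `goto error` just above this line already rejects len larger than sizeof(pi.pi_data), the MIN() is dead code and the plain len reads more clearly; if it does not, the write is silently truncated while pi_width still advertises the original length. Rejecting the oversized len explicitly before the copy would be preferable to clamping. Separately, the commit message says memcpy(3) is introduced here, but the removed line shows the memcpy was already present, so the message should say that the dereference is dropped and the existing copy is bounded.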