vhost: fix possible out of bound access in vector filling

Fixes: 7f74b95c444f ("vhost: pre update used ring for Tx and Rx")
Cc: stable@dpdk.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
index 474acf6..d64c355 100644 (file)
--- a/lib/librte_vhost/virtio_net.c
+++ b/lib/librte_vhost/virtio_net.c
@@ -312,6 +312,9 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
        struct vring_desc *descs = vq->desc;
        struct vring_desc *idesc = NULL;
 
+       if (unlikely(idx >= vq->size))
+               return -1;
+
        *desc_chain_head = idx;
 
        if (vq->desc[idx].flags & VRING_DESC_F_INDIRECT) {