ring: fix overflow in memory size calculation

Parameters count and esize are both unsigned int, and their product can
legaly exceed unsigned int and lead to runtime access violation.

Fixes: cc4b218790f6 ("ring: support configurable element size")
Cc: stable@dpdk.org
Signed-off-by: Zhihong Wang <wangzhihong.wzh@bytedance.com>
Reviewed-by: Liang Ma <liangma@liangbit.com>
Reviewed-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
index 185f9be..6a94a03 100644 (file)
--- a/lib/ring/rte_ring.c
+++ b/lib/ring/rte_ring.c
@@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
                return -EINVAL;
        }
 
-       sz = sizeof(struct rte_ring) + count * esize;
+       sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
        sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
        return sz;
 }