Tainted and unvalidated integer 'idx' used as an index, which may
lead to buffer overflow.
This patch fixed it.
Fixes:
89e5eb118017 ("app/testeventdev: add string parsing helpers")
Cc: stable@dpdk.org
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
{
int ret;
- ret = parse_lcores_list(opt->plcores, corelist);
+ ret = parse_lcores_list(opt->plcores, RTE_MAX_LCORE, corelist);
if (ret == -E2BIG)
evt_err("duplicate lcores in plcores");
{
int ret;
- ret = parse_lcores_list(opt->wlcores, corelist);
+ ret = parse_lcores_list(opt->wlcores, RTE_MAX_LCORE, corelist);
if (ret == -E2BIG)
evt_err("duplicate lcores in wlcores");
}
int
-parse_lcores_list(bool lcores[], const char *corelist)
+parse_lcores_list(bool lcores[], int lcores_num, const char *corelist)
{
int i, idx = 0;
int min, max;
if (*corelist == '\0')
return -1;
idx = strtoul(corelist, &end, 10);
+ if (idx < 0 || idx > lcores_num)
+ return -1;
if (end == NULL)
return -1;
max = idx;
if (min == RTE_MAX_LCORE)
min = idx;
- for (idx = min; idx <= max; idx++) {
+ for (idx = min; idx < max; idx++) {
if (lcores[idx] == 1)
return -E2BIG;
lcores[idx] = 1;
int parse_tokenize_string(char *string, char *tokens[], uint32_t *n_tokens);
-int parse_lcores_list(bool lcores[], const char *corelist);
+int parse_lcores_list(bool lcores[], int lcores_num, const char *corelist);
#endif
git.droids-corp.org / dpdk.git / commitdiff