table: fix crash in LPM IPv6

Unit test table_autotest results in segmentation fault.
Crash occurs in test_table_lpm_ipv6_combined().

Variable 'nht_pos0' used as array subscript is not initialized
in rte_table_lpm_ipv6_entry_add(). It will not be assigned,
if a rule does not exist.

In such case a junk number or invalid array index might result in
segmentation fault due to array out of bounds when
lpm->nht_users is used with such invalid array index.

Fix is to initialize the variables used for array subscript.

Bugzilla ID: 285
Fixes: d89a5bce1d ("lpm6: extend next hop field")
Cc: stable@dpdk.org
Signed-off-by: Jananee Parthasarathy <jananeex.m.parthasarathy@intel.com>
Tested-by: David Marchand <david.marchand@redhat.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>

diff --git a/lib/librte_table/rte_table_lpm_ipv6.c b/lib/librte_table/rte_table_lpm_ipv6.c
index a55f808..4e068d7 100644 (file)
--- a/lib/librte_table/rte_table_lpm_ipv6.c
+++ b/lib/librte_table/rte_table_lpm_ipv6.c
@@ -182,7 +182,7 @@ rte_table_lpm_ipv6_entry_add(
        struct rte_table_lpm_ipv6 *lpm = table;
        struct rte_table_lpm_ipv6_key *ip_prefix =
                key;
-       uint32_t nht_pos, nht_pos0, nht_pos0_valid;
+       uint32_t nht_pos = 0, nht_pos0 = 0, nht_pos0_valid = 0;
        int status;
 
        /* Check input parameters */