net/iavf: fix potential out-of-bounds access

Fix potential out-of-bounds access as overrunning callee's array of
size 26 by passing argument rxq->rxdid(which evaluates to 63) in call
to iavf_rx_scan_hw_ring_flex_rxd.

Coverity issue: 376616
Fixes: 0ed16e01313e ("net/iavf: fix function pointer in multi-process")
Cc: stable@dpdk.org
Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

diff --git a/drivers/net/iavf/iavf_rxtx.c b/drivers/net/iavf/iavf_rxtx.c
index cb779879cbbb58aa024d5e700a3c17e685eabba2..16e8d021f9e3c0913ae9c4be1ced41b7238776f9 100644 (file)
--- a/drivers/net/iavf/iavf_rxtx.c
+++ b/drivers/net/iavf/iavf_rxtx.c
@@ -476,7 +476,7 @@ iavf_rxd_to_pkt_fields_by_comms_aux_v2(struct iavf_rx_queue *rxq,
 }
 
 static const
-iavf_rxd_to_pkt_fields_t rxd_to_pkt_fields_ops[] = {
+iavf_rxd_to_pkt_fields_t rxd_to_pkt_fields_ops[IAVF_RXDID_LAST + 1] = {
        [IAVF_RXDID_COMMS_AUX_VLAN] = iavf_rxd_to_pkt_fields_by_comms_aux_v1,
        [IAVF_RXDID_COMMS_AUX_IPV4] = iavf_rxd_to_pkt_fields_by_comms_aux_v1,
        [IAVF_RXDID_COMMS_AUX_IPV6] = iavf_rxd_to_pkt_fields_by_comms_aux_v1,