contigmem: fix buffer overrun on unload

The maximum mount contiguous memory regions for FreeBSD is limited by
RTE_CONTIGMEM_MAX_NUM_BUFS, a pointer to each region is stored in
static void * contigmem_buffers[RTE_CONTIGMEM_MAX_NUM_BUFS]

A user can specify a greater amount via hw.contigmem.num_buffers,
while the allocation logic will prevent this allocation from occuring the logic
in contigmem_unload() will attempt to free hw.contigmem.num_buffers and an
overrun occurs.

This patch limits the freeing to a maximum of RTE_CONTIGMEM_MAX_NUM_BUFS.

Signed-off-by: Alan Carew <alan.carew@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

diff --git a/lib/librte_eal/bsdapp/contigmem/contigmem.c b/lib/librte_eal/bsdapp/contigmem/contigmem.c
index b71474a..b1a23fa 100644 (file)
--- a/lib/librte_eal/bsdapp/contigmem/contigmem.c
+++ b/lib/librte_eal/bsdapp/contigmem/contigmem.c
@@ -178,7 +178,7 @@ contigmem_unload()
        if (contigmem_eh_tag != NULL)
                EVENTHANDLER_DEREGISTER(process_exit, contigmem_eh_tag);
 
-       for (i = 0; i < contigmem_num_buffers; i++)
+       for (i = 0; i < RTE_CONTIGMEM_MAX_NUM_BUFS; i++)
                if (contigmem_buffers[i] != NULL)
                        contigfree(contigmem_buffers[i], contigmem_buffer_size,
                                        M_CONTIGMEM);