From: Zhihong Wang <wangzhihong.wzh@bytedance.com>
Date: Tue, 14 Dec 2021 03:30:16 +0000 (+0800)
Subject: ring: fix overflow in memory size calculation
X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=0e4dc6af06228c8504a5538512cb31ed7bf6cc23;p=dpdk.git

ring: fix overflow in memory size calculation

Parameters count and esize are both unsigned int, and their product can
legaly exceed unsigned int and lead to runtime access violation.

Fixes: cc4b218790f6 ("ring: support configurable element size")
Cc: stable@dpdk.org

Signed-off-by: Zhihong Wang <wangzhihong.wzh@bytedance.com>
Reviewed-by: Liang Ma <liangma@liangbit.com>
Reviewed-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---

diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
index 185f9be798..6a94a038c4 100644
--- a/lib/ring/rte_ring.c
+++ b/lib/ring/rte_ring.c
@@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
 		return -EINVAL;
 	}
 
-	sz = sizeof(struct rte_ring) + count * esize;
+	sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
 	sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
 	return sz;
 }