From 2329a101f478c6afe59b7d92a284d19b19e8326a Mon Sep 17 00:00:00 2001 From: Olivier Matz Date: Mon, 4 Apr 2016 17:45:18 +0200 Subject: [PATCH] ethdev: fix xstats retrieval with a null array Coverity reports an issue in ethdev: *** CID 124562: Null pointer dereferences (FORWARD_NULL) /lib/librte_ether/rte_ethdev.c: 1518 in rte_eth_xstats_get() 1512 1513 /* global stats */ 1514 for (i = 0; i < RTE_NB_STATS; i++) { 1515 stats_ptr = RTE_PTR_ADD(ð_stats, 1516 rte_stats_strings[i].offset); 1517 val = *stats_ptr; >>> CID 124562: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "xstats". 1518 snprintf(xstats[count].name, sizeof(xstats[count].name), 1519 "%s", rte_stats_strings[i].name); 1520 xstats[count++].value = val; 1521 } 1522 1523 /* per-rxq stats */ If a user calls rte_eth_xstats_get(portid, NULL, n) with n != 0, it may result in a crash. Although the API documentation says that n is the size of the table and xstats can be NULL if n == 0, we can add an additional check here to make Coverity happy. In that case, the return value is the same than when n == 0 is passed, it returns the number of statistics. Fixes: ce757f5c9a ("ethdev: new method to retrieve extended statistics") Signed-off-by: Olivier Matz Acked-by: Harry van Haaren --- lib/librte_ether/rte_ethdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c index fd49b26af8..dcf9e6f55d 100644 --- a/lib/librte_ether/rte_ethdev.c +++ b/lib/librte_ether/rte_ethdev.c @@ -1536,7 +1536,7 @@ rte_eth_xstats_get(uint8_t port_id, struct rte_eth_xstats *xstats, return xcount; } - if (n < count + xcount) + if (n < count + xcount || xstats == NULL) return count + xcount; /* now fill the xstats structure */ -- 2.20.1