* [DPDK/ethdev Bug 1791] cnxk driver reference past requested xstat array
@ 2025-09-23 14:05 bugzilla
0 siblings, 0 replies; only message in thread
From: bugzilla @ 2025-09-23 14:05 UTC (permalink / raw)
To: dev
[-- Attachment #1: Type: text/plain, Size: 1446 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1791
Bug ID: 1791
Summary: cnxk driver reference past requested xstat array
Product: DPDK
Version: 25.07
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: stephen@networkplumber.org
Target Milestone: ---
Because the cnxk driver ignores the limit arguement in some functions such as
xstat_names_get(). If the application asks for only some of the values in the
xstats then an out of bounds reference is possible.
Something like:
struct rte_esth_xstat_name names[20];
rte_eth_xstat_get_names(port_id, names, 20);
will cause out of bound array reference down here:
int
roc_nix_xstats_names_get(struct roc_nix *roc_nix,
struct roc_nix_xstat_name *xstats_names,
unsigned int limit)
{
struct nix *nix = roc_nix_to_nix_priv(roc_nix);
struct idev_cfg *idev = idev_get_cfg();
uint64_t i, count = 0;
PLT_SET_USED(limit);
for (i = 0; i < CNXK_NIX_NUM_TX_XSTATS; i++) {
NIX_XSTATS_NAME_PRINT(xstats_names, count, nix_tx_xstats, i);
count++;
}
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 3325 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-09-23 14:05 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-23 14:05 [DPDK/ethdev Bug 1791] cnxk driver reference past requested xstat array bugzilla
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.