From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Marchand Subject: [PATCH 2/2] net/bonding: fix oob access in "other" aggregator modes Date: Thu, 21 Mar 2019 21:28:14 +0100 Message-ID: <1553200094-5487-2-git-send-email-david.marchand@redhat.com> References: <1553200094-5487-1-git-send-email-david.marchand@redhat.com> Cc: ferruh.yigit@intel.com, chas3@att.com, zhaohui8@huawei.com, stable@dpdk.org To: dev@dpdk.org Return-path: In-Reply-To: <1553200094-5487-1-git-send-email-david.marchand@redhat.com> List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Zhaohui slave aggregator_port_id is in [0, RTE_MAX_ETHPORTS-1] range. If RTE_MAX_ETHPORTS is > 8, we can hit out of bound accesses on agg_bandwidth[] and agg_count[] arrays. Fixes: 6d72657ce379 ("net/bonding: add other aggregator modes") Cc: stable@dpdk.org Signed-off-by: Zhaohui Signed-off-by: David Marchand --- drivers/net/bonding/rte_eth_bond_8023ad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/bonding/rte_eth_bond_8023ad.c b/drivers/net/bonding/rte_eth_bond_8023ad.c index 3943ec1..5004898 100644 --- a/drivers/net/bonding/rte_eth_bond_8023ad.c +++ b/drivers/net/bonding/rte_eth_bond_8023ad.c @@ -669,8 +669,8 @@ struct port *agg, *port; uint16_t slaves_count, new_agg_id, i, j = 0; uint16_t *slaves; - uint64_t agg_bandwidth[8] = {0}; - uint64_t agg_count[8] = {0}; + uint64_t agg_bandwidth[RTE_MAX_ETHPORTS] = {0}; + uint64_t agg_count[RTE_MAX_ETHPORTS] = {0}; uint16_t default_slave = 0; uint16_t mode_count_id; uint16_t mode_band_id; -- 1.8.3.1