From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tiwei Bie <tiwei.bie@intel.com>
Subject: [PATCH 4/6] vhost: fix possible out of bound access in
	vector filling
Date: Fri,  4 Jan 2019 12:06:40 +0800
Message-ID: <20190104040642.27463-5-tiwei.bie@intel.com>
References: <20190104040642.27463-1-tiwei.bie@intel.com>
Cc: stable@dpdk.org
To: maxime.coquelin@redhat.com,
	zhihong.wang@intel.com,
	dev@dpdk.org
Return-path: <dev-bounces@dpdk.org>
In-Reply-To: <20190104040642.27463-1-tiwei.bie@intel.com>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Fixes: 7f74b95c444f ("vhost: pre update used ring for Tx and Rx")
Cc: stable@dpdk.org

Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
---
 lib/librte_vhost/virtio_net.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
index 474acf64d..d64c355b9 100644
--- a/lib/librte_vhost/virtio_net.c
+++ b/lib/librte_vhost/virtio_net.c
@@ -312,6 +312,9 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
 	struct vring_desc *descs = vq->desc;
 	struct vring_desc *idesc = NULL;
 
+	if (unlikely(idx >= vq->size))
+		return -1;
+
 	*desc_chain_head = idx;
 
 	if (vq->desc[idx].flags & VRING_DESC_F_INDIRECT) {
-- 
2.17.1