From: Sergei Iashin <yashin.sergey@gmail.com>
To: Harman Kalra <hkalra@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Santosh Shukla <santosh.shukla@caviumnetworks.com>
Cc: dev@dpdk.org, stable@dpdk.org, jerin.jacob@caviumnetworks.com,
Sergei Iashin <yashin.sergey@gmail.com>
Subject: [PATCH] net/octeontx: fix buffer overflow in device name formatting
Date: Tue, 7 Apr 2026 10:57:32 +0300 [thread overview]
Message-ID: <20260407075732.1175609-1-yashin.sergey@gmail.com> (raw)
Replace sprintf with snprintf when formatting into the fixed-size
octtx_name buffer in octeontx_create and octeontx_remove. The device
name can be up to 63 bytes (RTE_DEV_NAME_MAX_LEN) while the buffer
is only 32 bytes (OCTEONTX_MAX_NAME_LEN), which may cause a stack
buffer overflow with a long user-provided --vdev name.
Fixes: f18b146c498d ("net/octeontx: create ethdev ports")
Cc: stable@dpdk.org
Signed-off-by: Sergei Iashin <yashin.sergey@gmail.com>
---
drivers/net/octeontx/octeontx_ethdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/octeontx/octeontx_ethdev.c b/drivers/net/octeontx/octeontx_ethdev.c
index 21e3e56901..e4dca30d9d 100644
--- a/drivers/net/octeontx/octeontx_ethdev.c
+++ b/drivers/net/octeontx/octeontx_ethdev.c
@@ -1555,7 +1555,7 @@ octeontx_create(struct rte_vdev_device *dev, int port, uint8_t evdev,
PMD_INIT_FUNC_TRACE();
- sprintf(octtx_name, "%s_%d", name, port);
+ snprintf(octtx_name, sizeof(octtx_name), "%s_%d", name, port);
if (rte_eal_process_type() != RTE_PROC_PRIMARY) {
eth_dev = rte_eth_dev_attach_secondary(octtx_name);
if (eth_dev == NULL)
@@ -1711,7 +1711,7 @@ octeontx_remove(struct rte_vdev_device *dev)
return -EINVAL;
for (i = 0; i < OCTEONTX_VDEV_DEFAULT_MAX_NR_PORT; i++) {
- sprintf(octtx_name, "eth_octeontx_%d", i);
+ snprintf(octtx_name, sizeof(octtx_name), "eth_octeontx_%d", i);
eth_dev = rte_eth_dev_allocated(octtx_name);
if (eth_dev == NULL)
--
2.39.5
reply other threads:[~2026-04-08 8:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260407075732.1175609-1-yashin.sergey@gmail.com \
--to=yashin.sergey@gmail.com \
--cc=dev@dpdk.org \
--cc=hkalra@marvell.com \
--cc=jerin.jacob@caviumnetworks.com \
--cc=jerinj@marvell.com \
--cc=santosh.shukla@caviumnetworks.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox