From: Thomas Monjalon
Subject: Re: [PATCH v5] eal: out-of-bounds write
Date: Mon, 20 Jun 2016 11:14:41 +0200
Message-ID: <3354397.Tgjzuq1405@xps13>
References: <1466088738-16990-1-git-send-email-slawomirx.mrozowicz@intel.com>
In-Reply-To: <1466088738-16990-1-git-send-email-slawomirx.mrozowicz@intel.com>
To: Slawomir Mrozowicz
Cc: dev@dpdk.org, david.marchand@6wind.com

2016-06-16 16:52, Slawomir Mrozowicz:
> Overrunning array mcfg->memseg of 256 44-byte elements
> at element index 257 using index j.
> Fixed by add condition with message information.
>
> Fixes: af75078fece3 ("first public release")
> Coverity ID 13282

Please use this formatting:
	Coverity issue: 13282

> Signed-off-by: Slawomir Mrozowicz
> ---
> v5:
> - update message
> v4:
> - remove check condition from loop
> v3:
> - add check condition inside and outside the loop
> v2:
> - add message information

The changelog is OK.
Please use --in-reply-to when making a new revision to keep them in the same thread.

> --- a/lib/librte_eal/linuxapp/eal/eal_memory.c > +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c 
> @@ -1301,6 +1301,14 @@ rte_eal_hugepage_init(void) > break; > } > No newline needed here. The check is directly related to the previous loop. > + if (j >= RTE_MAX_MEMSEG) { It is out of the scope of this patch but I REALLY HATE this variable j. Considering a more meaningful rename would be a nice patch. > + RTE_LOG(ERR, EAL, > + "All memory segments exhausted by IVSHMEM. " There is no evidence that it is related to IVSHMEM. "Not enough memory segments." would be more appropriate. > + "Try recompiling with larger RTE_MAX_MEMSEG " > + "then current %d\n", RTE_MAX_MEMSEG); then -> than
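
Review bot: In the added `if (j >= RTE_MAX_MEMSEG)` block, the quoted lines stop at the RTE_LOG call, and logging by itself does not prevent the overrun of mcfg->memseg described in the commit message. The branch needs to leave rte_eal_hugepage_init() on an error path right after the log, before any later code indexes the array with j. The `>=` comparison is the right bound for a 256-element array, since it also rejects index 256 and not only the index 257 named in the report.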