examples/l3fwd: fix buffer overflow in Tx
[ upstream commit 0490d69d58d9d75c37e780966c837a062658f528 ]

This patch fixes the stack buffer overflow error reported
from AddressSanitizer.
Function send_packetsx4() tries to access out-of-bounds data
from rte_mbuf and fill it into the TX buffer even in the case
where there are no pending packets (len = 0).
Performance impact:- No

ASAN error report:-
==819==ERROR: AddressSanitizer: stack-buffer-overflow on address
0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800
READ of size 8 at 0xffffe2c0dcf0 thread T0
 #0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251
 #1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226

Fixes: 96ff445 ("examples/l3fwd: reorganise and optimize LPM code path")

Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
Reviewed-by: Conor Walsh <conor.walsh@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Rahul Bhansali authored and cpaelzer committed Mar 17, 2022
1 parent 61f29e7 commit d3847ac
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions examples/l3fwd/l3fwd_common.h
Expand Up @@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],

/* copy rest of the packets into the TX buffer. */
len = num - n;
if (len == 0)
goto exit;

j = 0;
switch (len % FWDSTEP) {
while (j < len) {
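Review bot: the new `if (len == 0)` guard ahead of `switch (len % FWDSTEP)` carries no comment saying why it is needed, and the `while (j < len)` on the following line makes it look redundant. The `while` is nested inside the `switch`, so the switch jumps to a case label in the loop body without the loop test being evaluated on entry, which is why a zero `len` still reads from `m[]` as in the ASAN report. A one-line comment above the guard stating that the switch enters the loop body directly would keep a later cleanup from removing it. Wrapping the copy in `if (len != 0) { ... }` would also do the job without a `goto`.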
Expand All @@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],
}
}

exit:
qconf->tx_mbufs[port].len = len;
}
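Review bot: the label added before `qconf->tx_mbufs[port].len = len;` is named `exit`, which reads like the libc function of the same name. C keeps labels in their own namespace, so it compiles, but a name such as `out` or `done` avoids the double take. Placing the label ahead of the store is right: the early-out path still writes `len` (zero) back to `tx_mbufs[port].len`, so the buffer count is not left stale after `send_burst()`.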
