ring: fix overflow in memory size calculation

[ upstream commit 0e4dc6a ] Parameters count and esize are both unsigned int, and their product can legaly exceed unsigned int and lead to runtime access violation. Fixes: cc4b218 ("ring: support configurable element size") Signed-off-by: Zhihong Wang <wangzhihong.wzh@bytedance.com> Reviewed-by: Liang Ma <liangma@liangbit.com> Reviewed-by: Morten Brørup <mb@smartsharesystems.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
kevintraynor · Feb 21, 2022 · 5a9f8c2 · 5a9f8c2
1 parent 8b45a1d
commit 5a9f8c2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
@@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
 		return -EINVAL;
 	}
 
-	sz = sizeof(struct rte_ring) + count * esize;
+	sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
 	sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
 	return sz;
 }