net/iavf: fix potential out-of-bounds access

[ upstream commit d78d21b ] Fix potential out-of-bounds access as overrunning callee's array of size 26 by passing argument rxq->rxdid(which evaluates to 63) in call to iavf_rx_scan_hw_ring_flex_rxd. Coverity issue: 376616 Fixes: 0ed16e0 ("net/iavf: fix function pointer in multi-process") Signed-off-by: Leyi Rong <leyi.rong@intel.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
kevintraynor · Mar 10, 2022 · 6472c2d · 6472c2d
1 parent 67191a9
commit 6472c2d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/net/iavf/iavf_rxtx.c b/drivers/net/iavf/iavf_rxtx.c
@@ -477,7 +477,7 @@ iavf_rxd_to_pkt_fields_by_comms_aux_v2(struct iavf_rx_queue *rxq,
 }
 
 static const
-iavf_rxd_to_pkt_fields_t rxd_to_pkt_fields_ops[] = {
+iavf_rxd_to_pkt_fields_t rxd_to_pkt_fields_ops[IAVF_RXDID_LAST + 1] = {
 	[IAVF_RXDID_COMMS_AUX_VLAN] = iavf_rxd_to_pkt_fields_by_comms_aux_v1,
 	[IAVF_RXDID_COMMS_AUX_IPV4] = iavf_rxd_to_pkt_fields_by_comms_aux_v1,
 	[IAVF_RXDID_COMMS_AUX_IPV6] = iavf_rxd_to_pkt_fields_by_comms_aux_v1,