A comment on my own patch. Making the size of result_buf consistent across each OS and keeping it as large as the Linux BUFSIZ(8192) doesn't really address the core issue.
In the event that a user of librte_cmdline creates a custom context with a result structure > 8192 bytes then this problem will occur again, though somewhat unlikely, as the minimum number of the largest type would be 64 x cmdline_fixed_string_t types within a result structure, at its current size. There is no checking of overflow, I would be tempted to add a runtime check in cmdline_parse()/match_inst(), however I would be more comfortable with a build time check for this type of problem. Due to the opaque handling of user defined contexts there is no obvious way to do this at build time. Thoughts? > -----Original Message----- > From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Alan Carew > Sent: Monday, October 20, 2014 4:23 PM > To: dev at dpdk.org > Subject: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of > command result structure is greater than BUFSIZ > > When using test-pmd with flow director in FreeBSD, the application will > segfault/Bus error while parsing the command-line. This is due to how > each commands result structure is represented during parsing, where the > offsets > for each tokens value is stored in a character array(char result_buf[BUFSIZ]) > in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c). > > The overflow occurs where BUFSIZ is less than the size of a commands result > structure, in this case "struct cmd_pkt_filter_result" > (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as > opposed to 8192 bytes on Linux. > > This patch removes the OS dependency on BUFSIZ and defines and uses a > library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192 > > The problem can be reproduced by running test-pmd on FreeBSD: > ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect > And adding a filter: > add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes > 0x800 vlan 0 queue 0 soft 0x17 > > Signed-off-by: Alan Carew <alan.carew at intel.com> > --- > lib/librte_cmdline/cmdline_parse.c | 2 +- > lib/librte_cmdline/cmdline_parse.h | 3 +++ > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/lib/librte_cmdline/cmdline_parse.c > b/lib/librte_cmdline/cmdline_parse.c > index 940480d..29f1afd 100644 > --- a/lib/librte_cmdline/cmdline_parse.c > +++ b/lib/librte_cmdline/cmdline_parse.c > @@ -219,7 +219,7 @@ cmdline_parse(struct cmdline *cl, const char * buf) > unsigned int inst_num=0; > cmdline_parse_inst_t *inst; > const char *curbuf; > - char result_buf[BUFSIZ]; > + char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE]; > void (*f)(void *, struct cmdline *, void *) = NULL; > void *data = NULL; > int comment = 0; > diff --git a/lib/librte_cmdline/cmdline_parse.h > b/lib/librte_cmdline/cmdline_parse.h > index f18836d..dae53ba 100644 > --- a/lib/librte_cmdline/cmdline_parse.h > +++ b/lib/librte_cmdline/cmdline_parse.h > @@ -80,6 +80,9 @@ extern "C" { > #define CMDLINE_PARSE_COMPLETE_AGAIN 1 > #define CMDLINE_PARSE_COMPLETED_BUFFER 2 > > +/* maximum buffer size for parsed result */ > +#define CMDLINE_PARSE_RESULT_BUFSIZE 8192 > + > /** > * Stores a pointer to the ops struct, and the offset: the place to > * write the parsed result in the destination structure. > -- > 1.9.3