Hi David,
On Mon, Aug 13, 2018 at 06:03:45PM +0200, David Marchand wrote:
> Add some basic check on the segments offset and length metadata:
> always funny to have a < 0 tailroom cast to uint16_t ;-).
>
> Signed-off-by: David Marchand <david.march...@6wind.com>
> ---
> lib/librte_mbuf/rte_mbuf.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index e714c5a..7eeef12 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -200,6 +200,8 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int
> is_header)
> pkt_len = m->pkt_len;
>
> do {
> + if (m->data_off + m->data_len > m->buf_len)
> + rte_panic("bad segment metadata\n");
What about spliting the test into two? This would help to clarify
the error messages. I also suggest add casts to uint32 to ensure
that there is no overflow.
if (m->data_off_len > m->buf_len)
rte_panic("data offset too big in mbuf segment\n");
if ((uint32_t)m->data_off + (uint32_t)m->data_len >
(uint32_t)m->buf_len)
rte_panic("data length too big in mbuf segment\n");
