This patch validates the queue index parameter, in order
to ensure no out-of-bound accesses happen.
Fixes: 9eed6bfd2efb ("vhost: allow to enable or disable features")
Cc: [email protected]
Signed-off-by: Maxime Coquelin <[email protected]>
---
lib/librte_vhost/vhost.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index f78bdfcc94..e92ff618ac 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -1577,6 +1577,9 @@ int rte_vhost_async_channel_register(int vid, uint16_t
queue_id,
f.intval = features;
+ if (queue_id >= VHOST_MAX_VRING)
+ return -1;
+
vq = dev->virtqueue[queue_id];
if (unlikely(vq == NULL || !dev->async_copy))
@@ -1658,6 +1661,9 @@ int rte_vhost_async_channel_unregister(int vid, uint16_t
queue_id)
if (dev == NULL)
return ret;
+ if (queue_id >= VHOST_MAX_VRING)
+ return ret;
+
vq = dev->virtqueue[queue_id];
if (vq == NULL)
--
2.26.2
