This patch validates the queue index parameter, in order to ensure no out-of-bound accesses happen.
Fixes: 9eed6bfd2efb ("vhost: allow to enable or disable features") Cc: sta...@dpdk.org Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com> --- lib/librte_vhost/vhost.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index f78bdfcc94..e92ff618ac 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -1577,6 +1577,9 @@ int rte_vhost_async_channel_register(int vid, uint16_t queue_id, f.intval = features; + if (queue_id >= VHOST_MAX_VRING) + return -1; + vq = dev->virtqueue[queue_id]; if (unlikely(vq == NULL || !dev->async_copy)) @@ -1658,6 +1661,9 @@ int rte_vhost_async_channel_unregister(int vid, uint16_t queue_id) if (dev == NULL) return ret; + if (queue_id >= VHOST_MAX_VRING) + return ret; + vq = dev->virtqueue[queue_id]; if (vq == NULL) -- 2.26.2