在 2021/4/26 23:08, Ferruh Yigit 写道:
On 4/22/2021 10:22 AM, Min Hu (Connor) wrote:Buffer 'test_params->slave_port_ids' of size 6 accessed may overflow, since its index 'i' can have value be is out of range. This patch fixed it. Fixes: 92073ef961ee ("bond: unit tests") Cc: [email protected] Signed-off-by: Min Hu (Connor) <[email protected]> --- app/test/test_link_bonding.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c index 8a5c831..b5a6042 100644 --- a/app/test/test_link_bonding.c +++ b/app/test/test_link_bonding.c @@ -2216,7 +2216,8 @@ test_activebackup_rx_burst(void) "failed to get primary slave for bonded port (%d)", test_params->bonded_port_id);- for (i = 0; i < test_params->bonded_slave_count; i++) {+ for (i = 0; i < test_params->bonded_slave_count && + i < TEST_MAX_NUMBER_OF_PORTS; i++) { /* Generate test bursts of packets to transmit */ TEST_ASSERT_EQUAL(generate_test_burst( &gen_pkt_burst[0], burst_size, 0, 1, 0, 0, 0),Hi Connor, There is nothing wrong with the check you add, but at first place how 'test_params->bonded_slave_count' can become bigger than 'TEST_MAX_NUMBER_OF_PORTS'? Should we fix there, instead of this loop? Also in same function, there are a few more loops iterate until " < test_params->bonded_slave_count", so fixing the root case works for them too.
Hi, fixed in v2, thanks.
