On 6/2/21 12:06 PM, Andrew Rybchenko wrote: > From: Ivan Ilchenko <[email protected]> > > Bitmap initialization function is allowed to memset > caller-provided buffer with number of bytes exceeded > this buffer size. This happens due to wrong comparision > sign between buffer size and number of bytes required > to initialize bitmap. > > Fixes: 602c9ca33a4 ("sched: bitmap is now dynamically allocated") > Cc: [email protected] > > Reported-by: Andy Moreton <[email protected]> > Signed-off-by: Ivan Ilchenko <[email protected]> > Signed-off-by: Andrew Rybchenko <[email protected]> > Reviewed-by: Andy Moreton <[email protected]> > --- > lib/eal/include/rte_bitmap.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/eal/include/rte_bitmap.h b/lib/eal/include/rte_bitmap.h > index 9e2b8f2cbf..870aecc594 100644 > --- a/lib/eal/include/rte_bitmap.h > +++ b/lib/eal/include/rte_bitmap.h > @@ -185,7 +185,7 @@ rte_bitmap_init(uint32_t n_bits, uint8_t *mem, uint32_t > mem_size) > size = __rte_bitmap_get_memory_footprint(n_bits, > &array1_byte_offset, &array1_slabs, > &array2_byte_offset, &array2_slabs); > - if (size < mem_size) { > + if (size > mem_size) { > return NULL; > } > >
Self-NACK, will fix spelling in v2 and remove curly brackets. Strictly speaking it is out of scope of the patch, but nice cleanup on the way.
