On Tue, Dec 14, 2021 at 11:30:16AM +0800, Zhihong Wang wrote:
> Parameters count and esize are both unsigned int, and their product can
> legally exceed unsigned int and lead to runtime access violation.
>
> Fixes: cc4b218790f6 ("ring: support configurable element size")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Zhihong Wang <wangzhihong....@bytedance.com>
> ---
> lib/ring/rte_ring.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c
> index f17bd966be..d1b80597af 100644
> --- a/lib/ring/rte_ring.c
> +++ b/lib/ring/rte_ring.c
> @@ -75,7 +75,7 @@ rte_ring_get_memsize_elem(unsigned int esize, unsigned int
> count)
> return -EINVAL;
> }
>
> - sz = sizeof(struct rte_ring) + count * esize;
> + sz = sizeof(struct rte_ring) + (ssize_t)count * esize;
> sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
> return sz;
> }
> --
> 2.11.0
>
Reviewed-by Liang Ma <lian...@liangbit.com>
