11/01/2022 13:50, Rahul Bhansali:
> This patch fixes the stack buffer overflow error reported
> from AddressSanitizer.
> Function send_packetsx4() tries to access out of bound data
> from rte_mbuf and fill it into TX buffer even in the case
> where no pending packets (len = 0).
> Performance impact:- No
> 
> ASAN error report:-
> ==819==ERROR: AddressSanitizer: stack-buffer-overflow on address
> 0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800
> READ of size 8 at 0xffffe2c0dcf0 thread T0
>  #0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251
>  #1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226

This code comes from the commit below, so these tags are missing:
Fixes: 96ff445371e0 ("examples/l3fwd: reorganise and optimize LPM code path")
Cc: sta...@dpdk.org

> Signed-off-by: Rahul Bhansali <rbhans...@marvell.com>
> ---
>  examples/l3fwd/l3fwd_common.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/examples/l3fwd/l3fwd_common.h b/examples/l3fwd/l3fwd_common.h
> index 7d83ff641a..de77711f88 100644
> --- a/examples/l3fwd/l3fwd_common.h
> +++ b/examples/l3fwd/l3fwd_common.h
> @@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, 
> struct rte_mbuf *m[],
>  
>               /* copy rest of the packets into the TX buffer. */
>               len = num - n;
> +             if (len == 0)
> +                     goto exit;
> +

I don't understand how it can fix something.
There is already "while (j < len)" with j and len being 0,
the loop should not be effective in this case.

>               j = 0;
>               switch (len % FWDSTEP) {
>               while (j < len) {
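
Review bot: the new `if (len == 0)` guard needs a comment saying why it is required, because the `while (j < len)` directly below it reads as if it already covers that case. The `while` is nested inside `switch (len % FWDSTEP)`, so the switch can jump to a case label in the loop body without evaluating `j < len` first; with `len` equal to 0 the selector is 0, and if a `case 0:` label sits inside the body (not visible in this hunk) one pass of the body runs, which would match the out-of-bounds READ in the ASAN report. A short comment such as "switch jumps into the loop body, so len == 0 must be handled before it" would keep a later cleanup from removing the guard.
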
> @@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, 
> struct rte_mbuf *m[],
>               }
>       }
>  
> +exit:
>       qconf->tx_mbufs[port].len = len;
>  }
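
Review bot: the label name `exit` added before the final store matches the C library function exit(); labels have their own namespace so it compiles, but a name such as `out` or `done` is less confusing to read. The store `qconf->tx_mbufs[port].len = len;` after the label runs on both paths, with `len` equal to 0 on the `goto` path, which looks intended.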

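Why the `len == 0` guard changes behaviour even though `while (j < len)` is present, as an added example that is not code from the patch or from DPDK. It assumes the case labels sit inside the loop body with `case 0:` first, which the quoted hunks do not show; `copy_rest`, `demo` and the arrays are hypothetical names with constructed data.

```c
#include <stdint.h>
#include <stdio.h>

#define FWDSTEP 4

/* Copy len items in the shape of the quoted loop: a switch whose case
 * labels live inside the while body (assumed layout). Returns how many
 * items were actually read from src. */
static unsigned copy_rest(uint32_t *dst, const uint32_t *src,
                          unsigned len, int guard)
{
    unsigned j = 0;

    if (guard && len == 0)      /* the check the patch adds */
        return 0;

    switch (len % FWDSTEP) {    /* jumps straight to a label below */
    while (j < len) {           /* not evaluated on that first entry */
    case 0:
        dst[j] = src[j]; j++;
        /* fall through */
    case 3:
        dst[j] = src[j]; j++;
        /* fall through */
    case 2:
        dst[j] = src[j]; j++;
        /* fall through */
    case 1:
        dst[j] = src[j]; j++;
    }
    }
    return j;
}

/* Constructed buffers, large enough that the extra reads stay in bounds
 * here; in the reported case they land past the caller's array. */
unsigned demo(unsigned len, int guard)
{
    static const uint32_t src[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    static uint32_t dst[8];
    return copy_rest(dst, src, len, guard);
}

int main(void)
{
    printf("len=0 unguarded: %u reads\n", demo(0, 0));
    printf("len=0 guarded:   %u reads\n", demo(0, 1));
    return 0;
}
```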