Applied to dpdk-next-net-mrvl/for-main. Thanks
________________________________ From: Sergei Iashin <[email protected]> Sent: Tuesday, April 7, 2026 1:27 PM To: Harman Kalra <[email protected]>; Jerin Jacob <[email protected]>; Santosh Shukla <[email protected]> Cc: [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; Sergei Iashin <[email protected]> Subject: [EXTERNAL] [PATCH] net/octeontx: fix buffer overflow in device name formatting Replace sprintf with snprintf when formatting into the fixed-size octtx_name buffer in octeontx_create and octeontx_remove. The device name can be up to 63 bytes (RTE_DEV_NAME_MAX_LEN) while the buffer is only 32 bytes (OCTEONTX_MAX_NAME_LEN), ZjQcmQRYFpfptBannerStart Prioritize security for external emails: Confirm sender and content safety before clicking links or opening attachments Report Suspicious<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/CRVmXkqW!tm3Z1f8UYnVa9O-8WX26DsK-0LaBO_9qwE4pEx2cpcKfFql8RWpbr-t0B-4n0FjU7XSDAvlitsV3KK8Ua-2nw37gJz6mivFAuDI$> ZjQcmQRYFpfptBannerEnd Replace sprintf with snprintf when formatting into the fixed-size octtx_name buffer in octeontx_create and octeontx_remove. The device name can be up to 63 bytes (RTE_DEV_NAME_MAX_LEN) while the buffer is only 32 bytes (OCTEONTX_MAX_NAME_LEN), which may cause a stack buffer overflow with a long user-provided --vdev name. Fixes: f18b146c498d ("net/octeontx: create ethdev ports") Cc: [email protected] Signed-off-by: Sergei Iashin <[email protected]> --- drivers/net/octeontx/octeontx_ethdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/octeontx/octeontx_ethdev.c b/drivers/net/octeontx/octeontx_ethdev.c index 21e3e56901..e4dca30d9d 100644 --- a/drivers/net/octeontx/octeontx_ethdev.c +++ b/drivers/net/octeontx/octeontx_ethdev.c @@ -1555,7 +1555,7 @@ octeontx_create(struct rte_vdev_device *dev, int port, uint8_t evdev, PMD_INIT_FUNC_TRACE(); - sprintf(octtx_name, "%s_%d", name, port); + snprintf(octtx_name, sizeof(octtx_name), "%s_%d", name, port); if (rte_eal_process_type() != RTE_PROC_PRIMARY) { eth_dev = rte_eth_dev_attach_secondary(octtx_name); if (eth_dev == NULL) @@ -1711,7 +1711,7 @@ octeontx_remove(struct rte_vdev_device *dev) return -EINVAL; for (i = 0; i < OCTEONTX_VDEV_DEFAULT_MAX_NR_PORT; i++) { - sprintf(octtx_name, "eth_octeontx_%d", i); + snprintf(octtx_name, sizeof(octtx_name), "eth_octeontx_%d", i); eth_dev = rte_eth_dev_allocated(octtx_name); if (eth_dev == NULL) -- 2.39.5
