https://bugs.linaro.org/show_bug.cgi?id=3581
Bug ID: 3581
Summary: classification: invalid memory access in RSS hash
Product: OpenDataPlane - linux- generic reference
Version: master
Hardware: Other
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: ---
Component: Classification
Assignee: bala.manoha...@linaro.org
Reporter: or...@starflownetworks.com
CC: lng-odp@lists.linaro.org
Target Milestone: ---
In packet_rss_hash() the IPv4, IPv6, TCP and UDP fields are obtained adding the
L3 and L4 offsets to the base pointer of the packet:
ipv4 = (const _odp_ipv4hdr_t *)base + pkt_hdr->p.l3_offset;
However, in C the cast operator has precedence over the addition operator. The
addition is done using pointer arithmetic (_odp_ipv4hdr_t*), rather than byte
arithmetic (uint8_t*). For IPv4, the access is 266 bytes off.
This causes incorrect hashing and potential segmentation fault.
The correct access would be:
ipv4 = (const _odp_ipv4hdr_t *)(base + pkt_hdr->p.l3_offset);
--
You are receiving this mail because:
You are on the CC list for the bug.
