aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKoichiro Den <den@klaipeden.com>2018-12-15 00:31:34 +0900
committerDamjan Marion <dmarion@me.com>2018-12-17 10:52:34 +0000
commitbe420e59e9590cc7ba5b4ec5a4ab4e252387bd24 (patch)
tree1068ec2e536299ac712d1b030ed5b18ef254c481
parent4eed7474f4fba7193ba342fb29c6ec1d73aef909 (diff)
libmemif: fix possible segfault on memif_get_details
insufficient buflen does not mean immediate return but fallthrough by design so assigning values to these array elements should just be skipped in that case. Change-Id: Iaa9718db073108e44a9b05e1c8ffb0725147ff1f Signed-off-by: Koichiro Den <den@klaipeden.com>
-rw-r--r--extras/libmemif/src/main.c59
1 files changed, 28 insertions, 31 deletions
diff --git a/extras/libmemif/src/main.c b/extras/libmemif/src/main.c
index c6a62bb2ddc..ab7a2f04c14 100644
--- a/extras/libmemif/src/main.c
+++ b/extras/libmemif/src/main.c
@@ -2074,20 +2074,19 @@ memif_get_details (memif_conn_handle_t conn, memif_details_t * md,
if (l0 + l1 <= buflen)
{
md->regions = (memif_region_details_t *) buf + l0;
+ for (i = 0; i < md->regions_num; i++)
+ {
+ md->regions[i].index = i;
+ md->regions[i].addr = c->regions[i].addr;
+ md->regions[i].size = c->regions[i].region_size;
+ md->regions[i].fd = c->regions[i].fd;
+ md->regions[i].is_external = c->regions[i].is_external;
+ }
l0 += l1;
}
else
err = MEMIF_ERR_NOBUF_DET;
- for (i = 0; i < md->regions_num; i++)
- {
- md->regions[i].index = i;
- md->regions[i].addr = c->regions[i].addr;
- md->regions[i].size = c->regions[i].region_size;
- md->regions[i].fd = c->regions[i].fd;
- md->regions[i].is_external = c->regions[i].is_external;
- }
-
md->rx_queues_num =
(c->args.is_master) ? c->run_args.num_s2m_rings : c->
run_args.num_m2s_rings;
@@ -2096,22 +2095,21 @@ memif_get_details (memif_conn_handle_t conn, memif_details_t * md,
if (l0 + l1 <= buflen)
{
md->rx_queues = (memif_queue_details_t *) buf + l0;
+ for (i = 0; i < md->rx_queues_num; i++)
+ {
+ md->rx_queues[i].region = c->rx_queues[i].region;
+ md->rx_queues[i].qid = i;
+ md->rx_queues[i].ring_size = (1 << c->rx_queues[i].log2_ring_size);
+ md->rx_queues[i].flags = c->rx_queues[i].ring->flags;
+ md->rx_queues[i].head = c->rx_queues[i].ring->head;
+ md->rx_queues[i].tail = c->rx_queues[i].ring->tail;
+ md->rx_queues[i].buffer_size = c->run_args.buffer_size;
+ }
l0 += l1;
}
else
err = MEMIF_ERR_NOBUF_DET;
- for (i = 0; i < md->rx_queues_num; i++)
- {
- md->rx_queues[i].region = c->rx_queues[i].region;
- md->rx_queues[i].qid = i;
- md->rx_queues[i].ring_size = (1 << c->rx_queues[i].log2_ring_size);
- md->rx_queues[i].flags = c->rx_queues[i].ring->flags;
- md->rx_queues[i].head = c->rx_queues[i].ring->head;
- md->rx_queues[i].tail = c->rx_queues[i].ring->tail;
- md->rx_queues[i].buffer_size = c->run_args.buffer_size;
- }
-
md->tx_queues_num =
(c->args.is_master) ? c->run_args.num_m2s_rings : c->
run_args.num_s2m_rings;
@@ -2120,22 +2118,21 @@ memif_get_details (memif_conn_handle_t conn, memif_details_t * md,
if (l0 + l1 <= buflen)
{
md->tx_queues = (memif_queue_details_t *) buf + l0;
+ for (i = 0; i < md->tx_queues_num; i++)
+ {
+ md->tx_queues[i].region = c->tx_queues[i].region;
+ md->tx_queues[i].qid = i;
+ md->tx_queues[i].ring_size = (1 << c->tx_queues[i].log2_ring_size);
+ md->tx_queues[i].flags = c->tx_queues[i].ring->flags;
+ md->tx_queues[i].head = c->tx_queues[i].ring->head;
+ md->tx_queues[i].tail = c->tx_queues[i].ring->tail;
+ md->tx_queues[i].buffer_size = c->run_args.buffer_size;
+ }
l0 += l1;
}
else
err = MEMIF_ERR_NOBUF_DET;
- for (i = 0; i < md->tx_queues_num; i++)
- {
- md->tx_queues[i].region = c->tx_queues[i].region;
- md->tx_queues[i].qid = i;
- md->tx_queues[i].ring_size = (1 << c->tx_queues[i].log2_ring_size);
- md->tx_queues[i].flags = c->tx_queues[i].ring->flags;
- md->tx_queues[i].head = c->tx_queues[i].ring->head;
- md->tx_queues[i].tail = c->tx_queues[i].ring->tail;
- md->tx_queues[i].buffer_size = c->run_args.buffer_size;
- }
-
md->link_up_down = (c->fd > 0) ? 1 : 0;
return err; /* 0 */