From 277681ebfd5f7a6742490522239eeee575f21c71 Mon Sep 17 00:00:00 2001 From: Andrew Yourtchenko Date: Fri, 23 Nov 2018 09:22:10 +0100 Subject: acl-plugin: fix coverity error that the fix related for [VPP-1502] has triggered Fix the trivial use-before-check copypaste error. There was a more subtle issue with that patch that Coverity didn't notice: namely, vec_validate(v, len-1) is a terrible idea if len happens to be == 0. Fix that. Change-Id: I0fab8b1750e9e9973eefb5d39f35e4c3a13fc66f Signed-off-by: Andrew Yourtchenko (cherry picked from commit e0152461cbc84d6d4df3f05dddabe992c1c59052) --- src/plugins/acl/hash_lookup.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c index 4c79f970113..495395443f1 100644 --- a/src/plugins/acl/hash_lookup.c +++ b/src/plugins/acl/hash_lookup.c @@ -603,6 +603,10 @@ hash_acl_set_heap(acl_main_t *am) am->hash_lookup_mheap = mheap_alloc_with_lock (0 /* use VM */ , am->hash_lookup_mheap_size, 1 /* locked */); + if (0 == am->hash_lookup_mheap) { + clib_error("ACL plugin failed to allocate lookup heap of %U bytes", + format_memory_size, am->hash_lookup_mheap_size); + } #if USE_DLMALLOC != 0 /* * DLMALLOC is being "helpful" in that it ignores the heap size parameter @@ -614,10 +618,6 @@ hash_acl_set_heap(acl_main_t *am) */ mspace_disable_expand(am->hash_lookup_mheap); #endif - if (0 == am->hash_lookup_mheap) { - clib_error("ACL plugin failed to allocate lookup heap of %U bytes", - format_memory_size, am->hash_lookup_mheap_size); - } } void *oldheap = clib_mem_set_heap(am->hash_lookup_mheap); return oldheap; @@ -749,9 +749,11 @@ hash_acl_apply(acl_main_t *am, u32 lc_index, int acl_index, u32 acl_position) vec_validate(am->hash_applied_mask_info_vec_by_lc_index, lc_index); /* since we know (in case of no split) how much we expand, preallocate that space */ - int old_vec_len = vec_len(*applied_hash_aces); - vec_validate((*applied_hash_aces), old_vec_len + vec_len(ha->rules) - 1); - _vec_len((*applied_hash_aces)) = old_vec_len; + if (vec_len(ha->rules) > 0) { + int old_vec_len = vec_len(*applied_hash_aces); + vec_validate((*applied_hash_aces), old_vec_len + vec_len(ha->rules) - 1); + _vec_len((*applied_hash_aces)) = old_vec_len; + } /* add the rules from the ACL to the hash table for lookup and append to the vector*/ for(i=0; i < vec_len(ha->rules); i++) { @@ -1190,8 +1192,10 @@ void hash_acl_add(acl_main_t *am, int acl_index) is a mask type, increment a reference count for that mask type */ /* avoid small requests by preallocating the entire vector before running the additions */ - vec_validate(ha->rules, a->count-1); - vec_reset_length(ha->rules); + if (a->count > 0) { + vec_validate(ha->rules, a->count-1); + vec_reset_length(ha->rules); + } for(i=0; i < a->count; i++) { hash_ace_info_t ace_info; -- cgit 1.2.3-korg