From 0e6199dfa20d4c010bf3ac43e051f9f29c213478 Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Fri, 17 Apr 2020 20:15:22 +0000 Subject: svm: check if fifo free list index is valid on alloc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Type: fix Signed-off-by: Florin Coras Signed-off-by: BenoƮt Ganne Change-Id: Ib85c2f01dc7ec9858f2f88b89e209f989d78c5d9 --- src/svm/fifo_segment.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/svm/fifo_segment.c') diff --git a/src/svm/fifo_segment.c b/src/svm/fifo_segment.c index cfc795418b2..06b7f063136 100644 --- a/src/svm/fifo_segment.c +++ b/src/svm/fifo_segment.c @@ -615,6 +615,9 @@ fs_try_alloc_fifo (fifo_segment_header_t * fsh, fifo_segment_slice_t * fss, min_size = clib_max ((fsh->pct_first_alloc * data_bytes) / 100, 4096); fl_index = fs_freelist_for_size (min_size); + if (fl_index >= vec_len (fss->free_chunks)) + return 0; + clib_spinlock_lock (&fss->chunk_lock); if (fss->free_fifos && fss->free_chunks[fl_index]) @@ -691,6 +694,7 @@ fsh_alloc_chunk (fifo_segment_header_t * fsh, u32 slice_index, u32 chunk_size) clib_spinlock_lock (&fss->chunk_lock); + ASSERT (vec_len (fss->free_chunks) > fl_index); c = fss->free_chunks[fl_index]; if (c) @@ -834,6 +838,9 @@ fifo_segment_alloc_fifo_w_slice (fifo_segment_t * fs, u32 slice_index, ASSERT (slice_index < fs->n_slices); + if (PREDICT_FALSE (data_bytes > 1 << fsh->max_log2_chunk_size)) + return 0; + fss = fsh_slice_get (fsh, slice_index); f = fs_try_alloc_fifo (fsh, fss, data_bytes); if (!f) -- cgit 1.2.3-korg