This patch validates the queue index parameter, in order
to ensure neither out-of-bound accesses nor NULL pointer
dereferencing happen.
Fixes: a67f286a6596 ("vhost: export queue free entries")
Cc: [email protected]
Signed-off-by: Maxime Coquelin <[email protected]>
---
lib/librte_vhost/vhost.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index 0c9ba3b3af..193dafc369 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -1260,7 +1260,12 @@ rte_vhost_avail_entries(int vid, uint16_t queue_id)
if (!dev)
return 0;
+ if (queue_id >= VHOST_MAX_VRING)
+ return 0;
+
vq = dev->virtqueue[queue_id];
+ if (!vq)
+ return 0;
rte_spinlock_lock(&vq->access_lock);
--
2.26.2
