Merged (with bug number)
Maxim.
On 07/29/16 18:10, Bill Fischofer wrote:
Can you put the Bug reference that this is fixing into the git commit
log? That's helpful when it comes to building the CHANGELOG for the
release.
On Fri, Jul 29, 2016 at 9:58 AM, Maxim Uvarov <[email protected]> wrote:
Add additional check before copying from pointer to
array for pool name. In general it should never happen
until somebody will corrupt shared memory.
Signed-off-by: Maxim Uvarov <[email protected]>
Reviewed-by: Bill Fischofer <[email protected]>
---
platform/linux-generic/pktio/ipc.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/platform/linux-generic/pktio/ipc.c
b/platform/linux-generic/pktio/ipc.c
index f9e7a00..d97e495 100644
--- a/platform/linux-generic/pktio/ipc.c
+++ b/platform/linux-generic/pktio/ipc.c
@@ -211,6 +211,12 @@ static int _ipc_init_master(pktio_entry_t
*pktio_entry,
/* Set up pool name for remote info */
pinfo = pktio_entry->s.ipc.pinfo;
pool_name = _ipc_odp_buffer_pool_shm_name(pool);
+ if (strlen(pool_name) > ODP_POOL_NAME_LEN) {
+ ODP_DBG("pid %d ipc pool name %s is too big %d\n",
+ getpid(), pool_name, strlen(pool_name));
+ goto free_s_prod;
+ }
+
memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));
pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size;
pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;
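Review bot: The bound in `if (strlen(pool_name) > ODP_POOL_NAME_LEN)` still accepts a name of exactly ODP_POOL_NAME_LEN characters, and the `memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));` that follows copies no terminating NUL. If `pinfo->master.pool_name` is an ODP_POOL_NAME_LEN-byte array (its declaration is not visible in this hunk), the field can end up completely filled with no terminator for whoever reads it on the other side. Suggest rejecting with `>=` and copying `strlen(pool_name) + 1` bytes, or zeroing the field before the copy. Because the commit message names corrupted shared memory as the trigger, a bounded scan such as `strnlen(pool_name, ODP_POOL_NAME_LEN)` stored once in a local would also keep the length check itself from running past the buffer, and would replace the three separate `strlen()` calls. In the ODP_DBG line, `strlen()` returns size_t but is formatted with `%d`; use `%zu` or cast the value, and consider a precision-limited `%.*s` for the name since it is printed exactly when it is known to be over-long.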
--
2.7.1.250.gff4ea60