On 12 Jan 2026, at 8:50, David Marchand wrote:
> Coverity complains about reading past the UDP checksum field in the
> inner L4 header.
>
> 2123 } else if (dp_packet_inner_l4_proto_udp(p)) {
> 3. alias: Assigning: inner_l4_csum_p =
> &((struct udp_header *)inner_l4)->udp_csum. inner_l4_csum_p now points
> to element 0 of ((struct udp_header *)inner_l4)->udp_csum (which
> consists of 1 2-byte elements).
> 2124 inner_l4_csum_p = &(((struct udp_header *) inner_l4)->udp_csum);
> ...
> 2152 inner_csum = csum_continue(inner_csum, inner_l4,
> 2153 (char *) inner_l4_csum_p - (char *) inner_l4);
>
> CID 556378: (#1 of 1): Out-of-bounds read (OVERRUN)
> 10. overrun-local: Overrunning array of 2 bytes at byte offset 2 by
> dereferencing pointer inner_l4_csum_p + 1.[hide details]
>
> 2154 inner_l4_csum = csum_finish(csum_continue(inner_csum,
> inner_l4_csum_p + 1,
> 2155 (char *) inner_l4_data - (char *)(inner_l4_csum_p + 1)));
>
> While there is nothing really wrong with the current code, other tools
> (compilers?) may complain about the same in the future, so rework this
> code to please this tool.
>
> Fixes: d8836302400f ("dp-packet: Optimize outer checksum for nested
> checksums.")
> Signed-off-by: David Marchand <[email protected]>
> Reviewed-by: Eelco Chaudron <[email protected]>
> Tested-by: Eelco Chaudron <[email protected]>
Thanks for fixing the issues. I’ve applied the series to main.
Cheers,
Eelco
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
