From c3eba353fb1a40477c4c0ee62cec6b95291cb32f Mon Sep 17 00:00:00 2001
From: Alex Forencich
Date: Mon, 3 Feb 2020 17:02:05 -0800
Subject: [PATCH] Add checks for out-of-range pointers
---
 utils/mqnic.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/utils/mqnic.c b/utils/mqnic.c
index 9771abe75..2dfd00448 100644
--- a/utils/mqnic.c
+++ b/utils/mqnic.c
@@ -105,6 +105,11 @@ struct mqnic *mqnic_open(const char *dev_name)
 interface->regs = dev->regs + k*dev->if_stride;
 interface->csr_regs = interface->regs + dev->if_csr_offset;
+ if (interface->regs >= dev->regs+dev->regs_size)
+ goto fail_range;
+ if (interface->csr_regs >= dev->regs+dev->regs_size)
+ goto fail_range;
+
 interface->if_id = mqnic_reg_read32(interface->csr_regs, MQNIC_IF_REG_IF_ID);
 interface->if_features = mqnic_reg_read32(interface->csr_regs, MQNIC_IF_REG_IF_FEATURES);
@@ -142,6 +147,9 @@ struct mqnic *mqnic_open(const char *dev_name)
 struct mqnic_port *port = &interface->ports[l];
 port->regs = interface->regs + interface->port_offset + interface->port_stride*l;
+ if (port->regs >= dev->regs+dev->regs_size)
+ goto fail_range;
+
 port->port_id = mqnic_reg_read32(port->regs, MQNIC_PORT_REG_PORT_ID);
 port->port_features = mqnic_reg_read32(port->regs, MQNIC_PORT_REG_PORT_FEATURES);
@@ -156,12 +164,17 @@ struct mqnic *mqnic_open(const char *dev_name)
 {
 struct mqnic_sched *sched = &port->sched[m];
 sched->regs = port->regs + port->sched_offset + port->sched_stride*m;
+
+ if (sched->regs >= dev->regs+dev->regs_size)
+ goto fail_range;
 }
 }
 }
 return dev;
+fail_range:
+ fprintf(stderr, "Error: computed pointer out of range\n");
 fail_reset:
 munmap((void *)dev->regs, dev->regs_size);
 fail_mmap_regs:
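Review bot: The new guards on `interface->regs` and `interface->csr_regs` only test that each base pointer lies below `dev->regs+dev->regs_size`, so a base that lands in the last few bytes of the mapping passes and the `mqnic_reg_read32` calls that follow can still read past the end of it. The pointer is also formed before it is checked; if the stride and offset values come from device registers (not visible in this hunk, presumably so), a large enough value makes the addition itself out of bounds, and the `>=` comparison is then no longer reliable. Checking the byte offset as an integer before building the pointer covers both cases, for example `if (off >= dev->regs_size || dev->regs_size - off < need) goto fail_range;`, where `off` is the computed offset and `need` is the size of the register block being addressed (both names are placeholders). The same applies to the `port->regs` check in the second hunk and the `sched->regs` check in the third; the body of `mqnic_open` starts and ends outside these hunks.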
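Review bot: The message printed at `fail_range:` does not say which computed pointer failed, so a bad stride or offset cannot be traced back to the interface, port or scheduler index that produced it. Consider printing the kind of block and its index at each `goto fail_range` site (or from locals set just before the jump), and adding a short comment such as `/* fall through to the common cleanup below */` after the `fprintf` so the drop into `fail_reset:` reads as intentional. The chain of cleanup labels continues outside the hunk.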