Re: Comparison of different-width ints in ixg(4)

To: Mario Campos <mario.andres.campos%gmail.com@localhost>
Subject: Re: Comparison of different-width ints in ixg(4)
From: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Date: Sat, 8 Oct 2022 18:00:50 +0000

> Date: Sat, 8 Oct 2022 10:58:58 -0500
> From: Mario Campos <mario.andres.campos%gmail.com@localhost>
> 
> I ran a SAST tool, CodeQL, against trunk and found a couple of
> instances (below) where the 16-bit integer `i` is compared to the
> 32-bit integer `max_rx_queues` or `max_tx_queues` in ixg(4). If
> `max_rx_queues` (or `max_tx_queues`) is sufficiently large, it could
> lead to an infinite loop.
> 
> sys/dev/pci/ixgbe/ixgbe_vf.c:280
> sys/dev/pci/ixgbe/ixgbe_vf.c:284
> sys/dev/pci/ixgbe/ixgbe_common.c:1158
> sys/dev/pci/ixgbe/ixgbe_common.c:1162

Cool.  I don't think this case is a bug because the quantities in
question are bounded by IXGBE_VF_MAX_TX/RX_QUEUES, which are both 8.
But it would be reasonable to use u32 or even just unsigned for this.
Did this tool turn anything else up?

Follow-Ups:
- Re: Comparison of different-width ints in ixg(4)
  - From: Mario Campos

References:
- Comparison of different-width ints in ixg(4)
  - From: Mario Campos

Prev by Date: Comparison of different-width ints in ixg(4)
Next by Date: Re: Comparison of different-width ints in ixg(4)
Previous by Thread: Comparison of different-width ints in ixg(4)
Next by Thread: Re: Comparison of different-width ints in ixg(4)
Indexes:

Home | Main Index | Thread Index | Old Index