packet: Fix off-by-one in packet_get_do() sanity checks

An n-sized pool, or a pool with n entries, doesn't include index n,
only up to n - 1.

I'm not entirely sure this sanity check actually covers any
practical case, but I spotted this while debugging a hang in
tap4_handler() (possibly due to malformed sequence entries from
qemu).

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Stefano Brivio 2022-10-10 02:28:22 +02:00
parent 10236de486
commit cc65f31250


@ -87,7 +87,7 @@ void packet_add_do(struct pool *p, size_t len, const char *start,
void *packet_get_do(const struct pool *p, size_t index, size_t offset, void *packet_get_do(const struct pool *p, size_t index, size_t offset,
size_t len, size_t *left, const char *func, int line) size_t len, size_t *left, const char *func, int line)
{ {
if (index > p->size || index > p->count) { if (index >= p->size || index >= p->count) {
if (func) { if (func) {
trace("packet %lu from pool size: %lu, count: %lu, " trace("packet %lu from pool size: %lu, count: %lu, "
"%s:%i", index, p->size, p->count, func, line); "%s:%i", index, p->size, p->count, func, line);
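Review bot: the bound change on the `if (index >= p->size || index >= p->count)` line is correct, since a pool with `size` slots and `count` filled entries has valid indices 0 to `count - 1`, but the `trace()` call two lines below prints the `size_t` values `index`, `p->size` and `p->count` with `%lu`; that should be `%zu`, otherwise the format and argument types only match on platforms where `unsigned long` and `size_t` happen to coincide. Also, if the pool maintains `count <= size` (the invariant is not visible in this hunk), the `index >= p->size` half of the condition is subsumed by `index >= p->count`; keeping it is harmless defensive code, but a short comment saying so would save the next reader the same question.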