packet: Fix off-by-one in packet_get_do() sanity checks
An n-sized pool, or a pool with n entries, doesn't include index n, only up to n - 1. I'm not entirely sure this sanity check actually covers any practical case, but I spotted this while debugging a hang in tap4_handler() (possibly due to malformed sequence entries from qemu). Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
parent
10236de486
commit
cc65f31250
1 changed files with 1 additions and 1 deletions
2
packet.c
2
packet.c
|
@ -87,7 +87,7 @@ void packet_add_do(struct pool *p, size_t len, const char *start,
|
|||
void *packet_get_do(const struct pool *p, size_t index, size_t offset,
|
||||
size_t len, size_t *left, const char *func, int line)
|
||||
{
|
||||
if (index > p->size || index > p->count) {
|
||||
if (index >= p->size || index >= p->count) {
|
||||
if (func) {
|
||||
trace("packet %lu from pool size: %lu, count: %lu, "
|
||||
"%s:%i", index, p->size, p->count, func, line);
|
||||
|
|
Loading…
Reference in a new issue