diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2022-10-10 02:28:22 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-10-15 02:10:36 +0200 |
commit | cc65f31250261a1ba777755109c2075dd4b7ba36 (patch) | |
tree | 8962b4201233a6c55d73c0a86b70894933fd3c38 | |
parent | 10236de486553aed25d48bbc715e9153c59c50e5 (diff) | |
download | passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.gz passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.bz2 passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.lz passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.xz passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.zst passt-cc65f31250261a1ba777755109c2075dd4b7ba36.zip |
packet: Fix off-by-one in packet_get_do() sanity checks
An n-sized pool, or a pool with n entries, doesn't include index n,
only up to n - 1.
I'm not entirely sure this sanity check actually covers any
practical case, but I spotted this while debugging a hang in
tap4_handler() (possibly due to malformed sequence entries from
qemu).
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r-- | packet.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -87,7 +87,7 @@ void packet_add_do(struct pool *p, size_t len, const char *start, void *packet_get_do(const struct pool *p, size_t index, size_t offset, size_t len, size_t *left, const char *func, int line) { - if (index > p->size || index > p->count) { + if (index >= p->size || index >= p->count) { if (func) { trace("packet %lu from pool size: %lu, count: %lu, " "%s:%i", index, p->size, p->count, func, line); |