packet: Fix off-by-one in packet_get_do() sanity checks

An n-sized pool, or a pool with n entries, doesn't include index n,
only up to n - 1.

I'm not entirely sure this sanity check actually covers any
practical case, but I spotted this while debugging a hang in
tap4_handler() (possibly due to malformed sequence entries from
qemu).

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

1 files changed, 1 insertions, 1 deletions

diff --git a/packet.c b/packet.c
index 3f82e84..d1ff998 100644
--- a/packet.c
+++ b/packet.c
@@ -87,7 +87,7 @@ void packet_add_do(struct pool *p, size_t len, const char *start,
 void *packet_get_do(const struct pool *p, size_t index, size_t offset,
 		    size_t len, size_t *left, const char *func, int line)
 {
-	if (index > p->size || index > p->count) {
+	if (index >= p->size || index >= p->count) {
 		if (func) {
 			trace("packet %lu from pool size: %lu, count: %lu, "
 			      "%s:%i", index, p->size, p->count, func, line);