aboutgitcodebugslistschat
path: root/packet.c
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2022-10-10 02:28:22 +0200
committerStefano Brivio <sbrivio@redhat.com>2022-10-15 02:10:36 +0200
commitcc65f31250261a1ba777755109c2075dd4b7ba36 (patch)
tree8962b4201233a6c55d73c0a86b70894933fd3c38 /packet.c
parent10236de486553aed25d48bbc715e9153c59c50e5 (diff)
downloadpasst-cc65f31250261a1ba777755109c2075dd4b7ba36.tar
passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.gz
passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.bz2
passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.lz
passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.xz
passt-cc65f31250261a1ba777755109c2075dd4b7ba36.tar.zst
passt-cc65f31250261a1ba777755109c2075dd4b7ba36.zip
packet: Fix off-by-one in packet_get_do() sanity checks
An n-sized pool, or a pool with n entries, doesn't include index n, only up to n - 1. I'm not entirely sure this sanity check actually covers any practical case, but I spotted this while debugging a hang in tap4_handler() (possibly due to malformed sequence entries from qemu). Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/packet.c b/packet.c
index 3f82e84..d1ff998 100644
--- a/packet.c
+++ b/packet.c
@@ -87,7 +87,7 @@ void packet_add_do(struct pool *p, size_t len, const char *start,
void *packet_get_do(const struct pool *p, size_t index, size_t offset,
size_t len, size_t *left, const char *func, int line)
{
- if (index > p->size || index > p->count) {
+ if (index >= p->size || index >= p->count) {
if (func) {
trace("packet %lu from pool size: %lu, count: %lu, "
"%s:%i", index, p->size, p->count, func, line);