Fix a TCP SACK related crash resulting from incorrect computation

of len in tcp_output(), in the case where the FIN has already been transmitted. The mis-computation of len is because of a gcc optimization issue, which this change works around. Submitted by: Mohan Srinivasan
2005-01-12 21:40:51 +00:00 · 2005-01-12 21:40:51 +00:00 · 8d03f2b53b
commit 8d03f2b53b
parent 3952015f40
1 changed files with 16 additions and 6 deletions
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@ -312,12 +312,22 @@ tcp_output(struct tcpcb *tp)
 			 */
 			len = ((long)ulmin(so->so_snd.sb_cc, tp->snd_wnd) 
 			       - off);
-			cwin = tp->snd_cwnd - 
-				(tp->snd_nxt - tp->sack_newdata) -
-				sack_bytes_rxmt;
-			if (cwin < 0)
-				cwin = 0;
-			len = lmin(len, cwin);
+			/*
+			 * Don't remove this (len > 0) check !
+			 * We explicitly check for len > 0 here (although it 
+			 * isn't really necessary), to work around a gcc 
+			 * optimization issue - to force gcc to compute
+			 * len above. Without this check, the computation
+			 * of len is bungled by the optimizer.
+			 */
+			if (len > 0) {
+				cwin = tp->snd_cwnd - 
+					(tp->snd_nxt - tp->sack_newdata) -
+					sack_bytes_rxmt;
+				if (cwin < 0)
+					cwin = 0;
+				len = lmin(len, cwin);
+			}
 		}
 	}