d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't break out of the m_advance() loop if len drops to zero.

Browse Source 
If a packet contains the Ethernet header (14 bytes) in the first mbuf
and the payload (IP + UDP + data) in the second mbuf, then the attempt
to fetch the l3hdr will return a NULL pointer.  The first loop iteration
will drop len to zero and exit the loop without setting 'p'.  However,
the desired data is at the start of the second mbuf, so the correct
behavior is to loop around and let the conditional set 'p' to m_data of
the next mbuf (and leave offset as 0).

Reviewed by:	np
Sponsored by:	Chelsio Communications
This commit is contained in:
jhb 2016-09-07 18:08:43 +00:00
parent a66a58c963
commit 21c9ef235a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/dev/cxgbe/t4_sge.c
View File

@ -2082,7 +2082,7 @@ m_advance(struct mbuf **pm, int *poffset, int len)
MPASS(len > 0);
while (len) {
for (;;) {
if (offset + len < m->m_len) {
offset += len;
p = mtod(m, uintptr_t) + offset;