From 21c9ef235ace4431ff29f7bc108abcb728409e09 Mon Sep 17 00:00:00 2001 From: jhb Date: Wed, 7 Sep 2016 18:08:43 +0000 Subject: [PATCH] Don't break out of the m_advance() loop if len drops to zero. If a packet contains the Ethernet header (14 bytes) in the first mbuf and the payload (IP + UDP + data) in the second mbuf, then the attempt to fetch the l3hdr will return a NULL pointer. The first loop iteration will drop len to zero and exit the loop without setting 'p'. However, the desired data is at the start of the second mbuf, so the correct behavior is to loop around and let the conditional set 'p' to m_data of the next mbuf (and leave offset as 0). Reviewed by: np Sponsored by: Chelsio Communications --- sys/dev/cxgbe/t4_sge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/cxgbe/t4_sge.c b/sys/dev/cxgbe/t4_sge.c index 923f1c16de9a..8bee75d98381 100644 --- a/sys/dev/cxgbe/t4_sge.c +++ b/sys/dev/cxgbe/t4_sge.c @@ -2082,7 +2082,7 @@ m_advance(struct mbuf **pm, int *poffset, int len) MPASS(len > 0); - while (len) { + for (;;) { if (offset + len < m->m_len) { offset += len; p = mtod(m, uintptr_t) + offset;