Date: Mon, 10 Oct 2022 19:59:38 +1100
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top, Laurent Vivier
Subject: Re: [PATCH] packet: Fix off-by-one in packet_get_do() sanity checks
In-Reply-To: <20221010075311.824692-1-sbrivio@redhat.com>
List-Id: Development discussion and patches for passt

On Mon, Oct 10, 2022 at 09:53:11AM +0200, Stefano Brivio wrote:
> An n-sized pool, or a pool with n entries, doesn't include index n,
> only up to n - 1.
>
> I'm not entirely sure this sanity check actually covers any
> practical case, but I spotted this while debugging a hang in
> tap4_handler() (possibly due to malformed sequence entries from
> qemu).
>
> Signed-off-by: Stefano Brivio

Reviewed-by: David Gibson

> --- > packet.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/packet.c b/packet.c > index 3f82e84..d1ff998 100644 > --- a/packet.c > +++ b/packet.c 
> @@ -87,7 +87,7 @@ void packet_add_do(struct pool *p, size_t len, const ch= ar *start, > void *packet_get_do(const struct pool *p, size_t index, size_t offset, > size_t len, size_t *left, const char *func, int line) > { > - if (index > p->size || index > p->count) { > + if (index >=3D p->size || index >=3D p->count) { > if (func) { > trace("packet %lu from pool size: %lu, count: %lu, " > "%s:%i", index, p->size, p->count, func, line);

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
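
Review bot: The trace() call in the context lines just under the changed test prints index, p->size and p->count with %lu, while the signature shown in this hunk declares index as size_t; %zu is the matching conversion and keeps the diagnostic correct on ABIs where size_t is not unsigned long. On the changed line itself, moving from > to >= is right: with the old test an index equal to p->count (or p->size) passed the check even though, as the commit message says, an n-entry pool only has indices up to n - 1. Since the message also notes uncertainty about whether the check covers a practical case, a short comment above the condition saying that both bounds are checked on purpose, plus a unit test calling packet_get_do() with index equal to count, would pin the boundary down.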