vppinfra: loop counter off by 1 in search_free_list()
In search_free_list(), we have this do while loop.
do
{
l--;
f_index = h->free_lists[b][l];
f = elt_at (h, f_index);
f_size = heap_elt_size (v, f);
if ((s = f_size - size) >= 0)
break;
}
while (l >= 0);
When (l == 0), we still go back up to execute l--. Then l become -1. The
next statement is we index h->free_lists[b][-1]. After that, elt_at() would
probably cause a crash in the ASSERT.
Type: fix
Ticket: VPPSUPP-63
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I617d122aa221cfdfe38f8be50f4e0f0e76e11bb5
(cherry picked from commit
ec7012e51edef4aec2239cb5b3a249f46d9b2cb0)
Code Review / vpp.git / commit