In memif_tx_burst, verify that the total buffer size
(data_offset + data_len) does not exceed the buffer
size. If not valid, returns MEMIF_ERR_INVAL_ARG.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ifae8f92344a401febbc1efd22c301356ccf83d44
data_offset = b0->data - (d->offset + c->regions[d->region].addr);
if (data_offset != 0)
{
data_offset = b0->data - (d->offset + c->regions[d->region].addr);
if (data_offset != 0)
{
- /* verify data offset */
+ /* verify data offset and buffer length */
- (data_offset > (d->offset + offset_mask)))
+ ((data_offset + b0->len) > c->run_args.buffer_size))
- printf ("%ld\n", data_offset);
+ DBG ("slot: %d, data_offset: %d, length: %d",
+ b0->desc_index & mask, data_offset, b0->len);
err = MEMIF_ERR_INVAL_ARG;
goto done;
}
err = MEMIF_ERR_INVAL_ARG;
goto done;
}
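Review bot: The new bound `((data_offset + b0->len) > c->run_args.buffer_size)` compares a sum, so it is only sound if the addition cannot wrap and data_offset cannot be negative. data_offset is derived from a pointer difference (`b0->data - (d->offset + c->regions[d->region].addr)`), and the application controls b0->data and b0->len. If b0->data points below the start of the buffer, a signed data_offset plus a small length stays under buffer_size and passes, and with unsigned types a large b0->len can wrap the sum. The other clause of the condition is not visible in these lines, so please confirm it rejects an offset outside [0, buffer_size], and consider writing the length test in subtraction form, `b0->len > c->run_args.buffer_size - data_offset`, once the offset is known to be in range. Separately, the removed printf formatted data_offset with `%ld` while the new DBG call uses `%d` for the same variable; if its type is unchanged, the specifier should stay `%ld` or the argument should be cast. A short comment stating that buffer_size is the per-slot size this check is relative to would also help the next reader.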