Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 0a77040)
Fixed vlib_buffer_clone with stale chained buffers 85/12785/2
authorYoann Desmouceaux <ydesmouc@cisco.com>
Tue, 29 May 2018 11:38:44 +0000 (13:38 +0200)
committerDamjan Marion <dmarion.lists@gmail.com>
Tue, 29 May 2018 15:37:28 +0000 (15:37 +0000)
When calling vlib_buffer_clone() on a source vlib_buffer with no next
buffer but whose total_length_not_including_first_buffer hadn't been
properly zeroed out, the total_length_not_including_first_buffer of
the clone was set to a wrong value.

(see https://lists.fd.io/g/vpp-dev/topic/19869395)

Change-Id: I4b503ece804e3933bb259be4c2148f84dafbea3e
Signed-off-by: Yoann Desmouceaux <ydesmouc@cisco.com>
src/vlib/buffer_funcs.h patch | blob | history

diff --git a/src/vlib/buffer_funcs.h b/src/vlib/buffer_funcs.h
index 6072b2e..aa7526e 100644 (file)
--- a/src/vlib/buffer_funcs.h
+++ b/src/vlib/buffer_funcs.h
@@ -822,9 +822,14 @@ vlib_buffer_clone_256 (vlib_main_t * vm, u32 src_buffer, u32 * buffers,
       d->current_length = head_end_offset;
       vlib_buffer_set_free_list_index (d,
                                       vlib_buffer_get_free_list_index (s));
-      d->total_length_not_including_first_buffer =
-       s->total_length_not_including_first_buffer + s->current_length -
+
+      d->total_length_not_including_first_buffer = s->current_length -
        head_end_offset;
+      if (PREDICT_FALSE (s->flags & VLIB_BUFFER_NEXT_PRESENT))
+       {
+         d->total_length_not_including_first_buffer +=
+           s->total_length_not_including_first_buffer;
+       }
       d->flags = s->flags | VLIB_BUFFER_NEXT_PRESENT;
       d->flags &= ~VLIB_BUFFER_EXT_HDR_VALID;
       clib_memcpy (d->opaque, s->opaque, sizeof (s->opaque));
Vector Packet Processing