From: Ole Troan Date: Tue, 11 Jan 2022 15:08:23 +0000 (+0100) Subject: ip: coverity illegal access in ip6_ext_header_walk X-Git-Tag: v22.06-rc0~28 X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=de3648db09b2102224eba50fe7019ee388fa26e5;p=vpp.git ip: coverity illegal access in ip6_ext_header_walk *** CID 243670: Memory - illegal accesses (OVERRUN) /src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk() CID 243670: Memory - illegal accesses (OVERRUN) Overrunning array "res->eh" of 4 4-byte elements at element index 5 (byte offset 23) using index "i" (which evaluates to 5). Type: fix Fixes: 03092c1 Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651 Signed-off-by: Ole Troan --- diff --git a/src/vnet/ip/ip6_packet.h b/src/vnet/ip/ip6_packet.h index 7f337a61be6..fecec7cdf5b 100644 --- a/src/vnet/ip/ip6_packet.h +++ b/src/vnet/ip/ip6_packet.h @@ -666,7 +666,7 @@ typedef struct } ip6_ext_hdr_chain_t; /* - * find ipv6 extension header within ipv6 header within + * Find ipv6 extension header within ipv6 header within * whichever is smallest of buffer or IP6_EXT_HDR_MAX_DEPTH. * The complete header chain must be in first buffer. * @@ -710,16 +710,9 @@ ip6_ext_header_walk (vlib_buffer_t *b, ip6_header_t *ip, int find_hdr_type, next_header = ip6_ext_next_header_s (next_proto, next_header, max_offset, &offset, &next_proto, &last); } - if (ip6_ext_hdr (res->eh[i].protocol)) - { - /* Header chain is not terminated */ - ; - } res->length = i; if (find_hdr_type < 0) - { - return i - 1; - } + return i - 1; return found != -1 ? found : i - 1; }