From f8631ce7e8886136b4543a7926ffdf1bc760fb11 Mon Sep 17 00:00:00 2001
From: Jon Loeliger
Date: Mon, 13 Jun 2022 10:39:32 -0500
Subject: [PATCH] buffers: protect against bad thread indices

There is a very rare bug in NAT processing that yeilds a thread index of ~0. When this happens, vlib_get_frame_queue_elt() suffers a segfault and VPP quits. Prevent an outright fault by dropping the packet instead.

Type: fix
Signed-off-by: Jon Loeliger
Change-Id: I48c7a268925bb821ea15e58db5d4bfb211c40c09
---
 src/vlib/buffer_funcs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/vlib/buffer_funcs.c b/src/vlib/buffer_funcs.c
index 4e1f2fde22d..80bb30e9f93 100644
--- a/src/vlib/buffer_funcs.c
+++ b/src/vlib/buffer_funcs.c
@@ -261,6 +261,9 @@ vlib_get_frame_queue_elt (vlib_frame_queue_main_t *fqm, u32 index,
 vlib_frame_queue_t *fq;
 u64 nelts, tail, new_tail;
 
+ if (index >= vec_len (fqm->vlib_frame_queues))
+ return 0;
+
 fq = fqm->vlib_frame_queues[index];
 ASSERT (fq);
 nelts = fq->nelts;
-- 
2.16.6
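Review bot: The new early `return 0;` in vlib_get_frame_queue_elt() makes a null element a possible result for any out-of-range index, and nothing in this hunk shows that every caller checks for it; a caller that dereferences the result unconditionally would only move the segfault, so the callers (outside this hunk, as is the rest of the function body) should be confirmed to treat 0 as "drop this packet". The drop is also silent, which hides the NAT bug the description mentions: consider bumping an error counter or emitting a rate-limited log at this point so the bad index stays observable in production. Since the condition is expected to be rare, the test could be written `if (PREDICT_FALSE (index >= vec_len (fqm->vlib_frame_queues)))`, preceded by a comment such as `/* invalid thread index (e.g. ~0): refuse rather than index past the vector */`. Note also that `ASSERT (fq)` on the following context line is presumably compiled out of release images, so a null slot inside the vector is still not covered by this guard.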