Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: def7834) | patch
vppinfra: loop counter off by 1 in search_free_list() 48/26948/3
authorSteven Luong <sluong@cisco.com>
Thu, 7 May 2020 17:47:33 +0000 (10:47 -0700)
committerSteven Luong <sluong@cisco.com>
Thu, 7 May 2020 18:34:50 +0000 (11:34 -0700)
commitec7012e51edef4aec2239cb5b3a249f46d9b2cb0
treefc982df7acbdff76fb65764f801b0ba2a117ffa1tree | snapshot
parentdef783445fe9421ac6f321a9539f43a6db5261e4commit | diff
vppinfra: loop counter off by 1 in search_free_list()

In search_free_list(), we have this do while loop.
do
  {
    l--;
    f_index = h->free_lists[b][l];
    f = elt_at (h, f_index);
    f_size = heap_elt_size (v, f);
    if ((s = f_size - size) >= 0)
      break;
  }
while (l >= 0);

When (l == 0), we still go back up to execute l--. Then l become -1. The
next statement is we index h->free_lists[b][-1]. After that, elt_at() would
probably cause a crash in the ASSERT.

Type: fix
Ticket: VPPSUPP-63

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I617d122aa221cfdfe38f8be50f4e0f0e76e11bb5
src/vppinfra/heap.c diff | blob | history
Vector Packet Processing