cj: cj dump crash

Thread 1 "vpp_main" received signal SIGSEGV, Segmentation fault.
0x00007ffff670da53 in cj_dump_one_record (r=0x7ffff50f0fec)
    at /home/sluong/vpp3/vpp/src/vlib/unix/cj.c:138
138		   (long long unsigned int) r->data[1]);

(gdb) p *cjm
$1 = {tail = 58645908, records = 0x7fffb64646ec, num_records = 512,
  enable = 1, vlib_main = 0x7ffff6953240 <vlib_global_main>}
(gdb) p /x cjm
$2 = 0x7ffff6953880
(gdb) p /x *cjm
$3 = {tail = 0x37edd94, records = 0x7fffb64646ec, num_records = 0x200,
  enable = 0x1, vlib_main = 0x7ffff6953240}
(gdb)

cjm->tail is a 64 bit counter, not the total number of records. Dumping from
0 to cjm->tail can be a very large number of records which go beyond the
limit. I believe we meant to dump from 0 to index. index has been set  by
this statement
  index = (cjm->tail + 1) & (cjm->num_records - 1);

Change-Id: Ie1a8ba757598de9757accc1488577c15aa49726b
Signed-off-by: Steven <sluong@cisco.com>

diff --git a/src/vlib/unix/cj.c b/src/vlib/unix/cj.c
index 7238dbf..14d8fce 100644 (file)
--- a/src/vlib/unix/cj.c
+++ b/src/vlib/unix/cj.c
@@ -178,7 +178,7 @@ cj_dump_internal (u8 filter0_enable, u64 filter0,
     }
   /* dump from the beginning through the final tail */
   r = cjm->records;
-  for (i = 0; i <= cjm->tail; i++)
+  for (i = 0; i < index; i++)
     {
       if (filter0_enable && (r->data[0] != filter0))
        goto skip2;