buffers: protect against bad thread indices 27/36427/2
author Jon Loeliger <jdl@netgate.com>
Mon, 13 Jun 2022 15:39:32 +0000 (10:39 -0500)
committer Matthew Smith <mgsmith@netgate.com>
Fri, 1 Jul 2022 14:11:10 +0000 (14:11 +0000)
There is a very rare bug in NAT processing that yields a thread
index of ~0.  When this happens, vlib_get_frame_queue_elt()
suffers a segfault and VPP quits.  Prevent an outright fault
by dropping the packet instead.

Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I48c7a268925bb821ea15e58db5d4bfb211c40c09

src/vlib/buffer_funcs.c

index 4e1f2fd..80bb30e 100644 (file)
@@ -261,6 +261,9 @@ vlib_get_frame_queue_elt (vlib_frame_queue_main_t *fqm, u32 index,
   vlib_frame_queue_t *fq;
   u64 nelts, tail, new_tail;
 
+  if (index >= vec_len (fqm->vlib_frame_queues))
+    return 0;
+
   fq = fqm->vlib_frame_queues[index];
   ASSERT (fq);
   nelts = fq->nelts;
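Review bot: The early `return 0;` added at the top of vlib_get_frame_queue_elt() makes a null result a reachable outcome, but nothing in this hunk documents that or shows callers testing for it. The commit message says the packet is dropped, so every call site should check the return value before dereferencing it, otherwise the segfault only moves one frame up the stack. Please add a short comment above the `index >= vec_len (fqm->vlib_frame_queues)` test stating that 0 means "invalid thread index, caller must drop". Also consider incrementing an error counter or emitting a log on this path, since a silent return hides the underlying NAT bug that produces the ~0 index. Separately, the unchanged `ASSERT (fq);` after the array lookup is the only guard on a null queue pointer for an in-range index; if assertions are compiled out in release images, an explicit `if (!fq) return 0;` would give the same protection there.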