From 33331edd3ab8c2c2109203be7568587664f08abc Mon Sep 17 00:00:00 2001
From: Koichiro Den
Date: Thu, 3 Jan 2019 00:22:24 +0900
Subject: [PATCH] libmemif: fix incorrect write leading to memory corruption in the worst case scenario this leads to segfault in a hard-to-debug way.
Change-Id: I165adae0bd2dee26af777a2665c8c124d3a49808
Signed-off-by: Koichiro Den
---
 extras/libmemif/src/main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/extras/libmemif/src/main.c b/extras/libmemif/src/main.c
index ab7a2f04c14..b2da9fa8513 100644
--- a/extras/libmemif/src/main.c
+++ b/extras/libmemif/src/main.c
@@ -2073,7 +2073,7 @@ memif_get_details (memif_conn_handle_t conn, memif_details_t * md,
 l1 = sizeof (memif_region_details_t) * md->regions_num;
 if (l0 + l1 <= buflen)
 {
- md->regions = (memif_region_details_t *) buf + l0;
+ md->regions = (memif_region_details_t *) (buf + l0);
 for (i = 0; i < md->regions_num; i++)
 {
 md->regions[i].index = i;
@@ -2094,7 +2094,7 @@ memif_get_details (memif_conn_handle_t conn, memif_details_t * md,
 l1 = sizeof (memif_queue_details_t) * md->rx_queues_num;
 if (l0 + l1 <= buflen)
 {
- md->rx_queues = (memif_queue_details_t *) buf + l0;
+ md->rx_queues = (memif_queue_details_t *) (buf + l0);
 for (i = 0; i < md->rx_queues_num; i++)
 {
 md->rx_queues[i].region = c->rx_queues[i].region;
@@ -2117,7 +2117,7 @@ memif_get_details (memif_conn_handle_t conn, memif_details_t * md,
 l1 = sizeof (memif_queue_details_t) * md->tx_queues_num;
 if (l0 + l1 <= buflen)
 {
- md->tx_queues = (memif_queue_details_t *) buf + l0;
+ md->tx_queues = (memif_queue_details_t *) (buf + l0);
 for (i = 0; i < md->tx_queues_num; i++)
 {
 md->tx_queues[i].region = c->tx_queues[i].region;
-- 
2.16.6
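Review bot: The corrected `md->regions = (memif_region_details_t *) (buf + l0);` in the first hunk now places the array at a plain byte offset, so the struct pointer is only as aligned as `l0` happens to be; the `rx_queues` and `tx_queues` assignments in the other two hunks have the same property. How `l0` is accumulated is outside these hunks, but if it follows variable-length data, the stores through `md->regions[i]` and `md->rx_queues[i]` may be misaligned, which is undefined behaviour and can fault on strict-alignment targets. Consider rounding `l0` up to the element type's alignment before each `l0 + l1 <= buflen` check, so that the padding is counted against `buflen` as well. A one-line comment above the first assignment, for example `/* l0 and l1 are byte offsets into buf: add before casting */`, would help keep the precedence mistake from returning. memif_get_details starts and ends outside all three hunks, so the type of `buf` and the handling of the failing branch could not be checked here.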