summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJon Loeliger <jdl@netgate.com>2022-06-13 10:39:32 -0500
committerMatthew Smith <mgsmith@netgate.com>2022-07-01 14:11:10 +0000
commitf8631ce7e8886136b4543a7926ffdf1bc760fb11 (patch)
treefa82fa659b74a7b33c8282e0a442078ab2e2860f
parentb52bd3a23a376dfcdc7f1bff5956f1f663c35a42 (diff)
buffers: protect against bad thread indices
There is a very rare bug in NAT processing that yeilds a thread index of ~0. When this happens, vlib_get_frame_queue_elt() suffers a segfault and VPP quits. Prevent an outright fault by dropping the packet instead. Type: fix Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I48c7a268925bb821ea15e58db5d4bfb211c40c09
-rw-r--r--src/vlib/buffer_funcs.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/vlib/buffer_funcs.c b/src/vlib/buffer_funcs.c
index 4e1f2fde22d..80bb30e9f93 100644
--- a/src/vlib/buffer_funcs.c
+++ b/src/vlib/buffer_funcs.c
@@ -261,6 +261,9 @@ vlib_get_frame_queue_elt (vlib_frame_queue_main_t *fqm, u32 index,
vlib_frame_queue_t *fq;
u64 nelts, tail, new_tail;
+ if (index >= vec_len (fqm->vlib_frame_queues))
+ return 0;
+
fq = fqm->vlib_frame_queues[index];
ASSERT (fq);
nelts = fq->nelts;