summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteven Luong <sluong@cisco.com>2020-05-07 10:47:33 -0700
committerAndrew Yourtchenko <ayourtch@gmail.com>2020-08-18 09:54:56 +0000
commit0efdd24d0d406f9a4ea6817de3df3c4b08cd391c (patch)
tree30ccbf415b7edf70a7f1aa832e49b2ac6edcb90f
parentd63d353faa54b5a0a8724d7491c15331b5dcc006 (diff)
vppinfra: loop counter off by 1 in search_free_list()
In search_free_list(), we have this do while loop. do { l--; f_index = h->free_lists[b][l]; f = elt_at (h, f_index); f_size = heap_elt_size (v, f); if ((s = f_size - size) >= 0) break; } while (l >= 0); When (l == 0), we still go back up to execute l--. Then l become -1. The next statement is we index h->free_lists[b][-1]. After that, elt_at() would probably cause a crash in the ASSERT. Type: fix Ticket: VPPSUPP-63 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I617d122aa221cfdfe38f8be50f4e0f0e76e11bb5 (cherry picked from commit ec7012e51edef4aec2239cb5b3a249f46d9b2cb0)
-rw-r--r--src/vppinfra/heap.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vppinfra/heap.c b/src/vppinfra/heap.c
index f7b1f6bb31e..d48136c4c94 100644
--- a/src/vppinfra/heap.c
+++ b/src/vppinfra/heap.c
@@ -306,7 +306,7 @@ search_free_list (void *v, uword size)
if ((s = f_size - size) >= 0)
break;
}
- while (l >= 0);
+ while (l > 0);
/* If we fail to find a large enough object, try the next larger size. */
if (l < 0)