From c09b7fd05104745a535a26794c0e680d7a6781c5 Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Tue, 4 Jun 2019 21:14:26 +0200
Subject: buffers: fix crash

this change is being made to fix a crash when current_data < 0 in buffer
linearization function

Ticket: N/A
Type: fix
Fixes: f883f6a1132ad4bb7aa9d9a79d420274fbcf3b64

Change-Id: Ia4ede823f673780e0c30d075b091db42e183650d
Signed-off-by: Klement Sekera <ksekera@cisco.com>
---
 src/vlib/buffer_funcs.h | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'src/vlib/buffer_funcs.h')

diff --git a/src/vlib/buffer_funcs.h b/src/vlib/buffer_funcs.h
index 521a036812c..8091d83729c 100644
--- a/src/vlib/buffer_funcs.h
+++ b/src/vlib/buffer_funcs.h
@@ -1416,13 +1416,19 @@ vlib_buffer_chain_linearize (vlib_main_t * vm, vlib_buffer_t * b)
 
       if (dst_left == 0)
 	{
-	  if (db != first)
-	    db->current_data = 0;
 	  db->current_length = dp - (u8 *) vlib_buffer_get_current (db);
 	  ASSERT (db->flags & VLIB_BUFFER_NEXT_PRESENT);
 	  db = vlib_get_buffer (vm, db->next_buffer);
 	  dst_left = data_size;
-	  dp = db->data;
+	  if (db->current_data > 0)
+	    {
+	      db->current_data = 0;
+	    }
+	  else
+	    {
+	      dst_left += -db->current_data;
+	    }
+	  dp = vlib_buffer_get_current (db);
 	}
 
       while (src_left == 0)
-- 
cgit 1.2.3-korg