From 713322bd32a07135a5d16c55bcd909f2d073b8cb Mon Sep 17 00:00:00 2001
From: Neale Ranns
Date: Wed, 10 Oct 2018 13:27:00 +0000
Subject: Integer underflow and out-of-bounds read (VPP-1442)

Change-Id: Ife2a83b9d7f733f36e0e786ef79edcd394d7c0f9
Signed-off-by: Neale Ranns
---
 src/vppinfra/string.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'src/vppinfra')
diff --git a/src/vppinfra/string.h b/src/vppinfra/string.h
index 8f165dfa18e..2c794baf71f 100644
--- a/src/vppinfra/string.h
+++ b/src/vppinfra/string.h
@@ -356,7 +356,7 @@ clib_count_equal_u64 (u64 * data, uword max_count)
 #endif
 count += 2;
 data += 2;
- while (count < max_count - 3 &&
+ while (count + 3 < max_count &&
 ((data[0] ^ first) | (data[1] ^ first) |
 (data[2] ^ first) | (data[3] ^ first)) == 0)
 {
@@ -424,7 +424,7 @@ clib_count_equal_u32 (u32 * data, uword max_count)
 #endif
 count += 2;
 data += 2;
- while (count < max_count - 3 &&
+ while (count + 3 < max_count &&
 ((data[0] ^ first) | (data[1] ^ first) |
 (data[2] ^ first) | (data[3] ^ first)) == 0)
 {
@@ -492,7 +492,7 @@ clib_count_equal_u16 (u16 * data, uword max_count)
 #endif
 count += 2;
 data += 2;
- while (count < max_count - 3 &&
+ while (count + 3 < max_count &&
 ((data[0] ^ first) | (data[1] ^ first) |
 (data[2] ^ first) | (data[3] ^ first)) == 0)
 {
@@ -560,7 +560,7 @@ clib_count_equal_u8 (u8 * data, uword max_count)
 #endif
 count += 2;
 data += 2;
- while (count < max_count - 3 &&
+ while (count + 3 < max_count &&
 ((data[0] ^ first) | (data[1] ^ first) |
 (data[2] ^ first) | (data[3] ^ first)) == 0)
 {
-- cgit 1.2.3-korg
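Review bot: The rewritten guard `count + 3 < max_count` in clib_count_equal_u64 has no comment explaining why the addition form is required, so a later cleanup could restore `max_count - 3`, which wraps for max_count below 3 (uword is an unsigned type) and lets the four-element read of data[0..3] run past the buffer. I would add above the loop `/* unsigned compare: keep the +3 on the count side, max_count - 3 wraps when max_count < 3 */`, and the same applies to the u32, u16 and u8 hunks. The unconditional `count += 2; data += 2;` just before the loop assumes two elements have already been validated; that check, the code above `#endif`, and whatever clamps the return value after the loop all sit outside the hunk, so it is worth confirming that a max_count of 0 or 1 never reaches this point. The commit touches only string.h, so a unit test calling each variant with max_count of 1, 2 and 3 on a buffer followed by guard bytes would pin the fixed behaviour.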