check when increasing vec_idx that it is still valid
in the (buf_len < dev->vhost_hlen) case too.
Signed-off-by: Claudio Fontana <cfont...@suse.de>
---
lib/vhost/virtio_net.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 0b8db2046e..6d34feaf73 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2701,12 +2701,15 @@ desc_to_mbuf(struct virtio_net *dev, struct
vhost_virtqueue *vq,
if (unlikely(buf_len < dev->vhost_hlen)) {
buf_offset = dev->vhost_hlen - buf_len;
vec_idx++;
+ if (unlikely(vec_idx >= nr_vec))
+ goto error;
buf_addr = buf_vec[vec_idx].buf_addr;
buf_iova = buf_vec[vec_idx].buf_iova;
buf_len = buf_vec[vec_idx].buf_len;
buf_avail = buf_len - buf_offset;
} else if (buf_len == dev->vhost_hlen) {
- if (unlikely(++vec_idx >= nr_vec))
+ vec_idx++;
+ if (unlikely(vec_idx >= nr_vec))
goto error;
buf_addr = buf_vec[vec_idx].buf_addr;
buf_iova = buf_vec[vec_idx].buf_iova;
--
2.26.2
