From: Steven Noonan <steven@uplinklabs.net>
Date: Sat, 17 Jan 2015 00:46:11 +0000 (-0800)
Subject: net: don't record/verify UDP sequence numbers if buffer is too small
X-Git-Tag: fio-2.2.5~3
X-Git-Url: https://git.kernel.dk/?p=fio.git;a=commitdiff_plain;h=ae703cdf31532e337cc18c259c883bf5314aa43a;hp=cbe000462519f8d8bfeb119029177a5a3788296a

net: don't record/verify UDP sequence numbers if buffer is too small

This causes a bunch of out-of-bounds accesses if you have really small buffer
sizes (i.e. 16 bytes will crash).

Signed-off-by: Steven Noonan <steven@uplinklabs.net>
Signed-off-by: Jens Axboe <axboe@fb.com>
---

diff --git a/engines/net.c b/engines/net.c
index 7a0fe696..cd195352 100644
--- a/engines/net.c
+++ b/engines/net.c
@@ -484,6 +484,9 @@ static void store_udp_seq(struct netio_data *nd, struct io_u *io_u)
 {
 	struct udp_seq *us;
 
+	if (io_u->xfer_buflen < sizeof(*us))
+		return;
+
 	us = io_u->xfer_buf + io_u->xfer_buflen - sizeof(*us);
 	us->magic = cpu_to_le64((uint64_t) FIO_UDP_SEQ_MAGIC);
 	us->bs = cpu_to_le64((uint64_t) io_u->xfer_buflen);
@@ -496,6 +499,9 @@ static void verify_udp_seq(struct thread_data *td, struct netio_data *nd,
 	struct udp_seq *us;
 	uint64_t seq;
 
+	if (io_u->xfer_buflen < sizeof(*us))
+		return;
+
 	if (nd->seq_off)
 		return;