From ae703cdf31532e337cc18c259c883bf5314aa43a Mon Sep 17 00:00:00 2001
From: Steven Noonan <steven@uplinklabs.net>
Date: Fri, 16 Jan 2015 16:46:11 -0800
Subject: [PATCH] net: don't record/verify UDP sequence numbers if buffer is
 too small

This causes a bunch of out-of-bounds accesses if you have really small buffer
sizes (i.e. 16 bytes will crash).

Signed-off-by: Steven Noonan <steven@uplinklabs.net>
Signed-off-by: Jens Axboe <axboe@fb.com>
---
 engines/net.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/engines/net.c b/engines/net.c
index 7a0fe696..cd195352 100644
--- a/engines/net.c
+++ b/engines/net.c
@@ -484,6 +484,9 @@ static void store_udp_seq(struct netio_data *nd, struct io_u *io_u)
 {
 	struct udp_seq *us;
 
+	if (io_u->xfer_buflen < sizeof(*us))
+		return;
+
 	us = io_u->xfer_buf + io_u->xfer_buflen - sizeof(*us);
 	us->magic = cpu_to_le64((uint64_t) FIO_UDP_SEQ_MAGIC);
 	us->bs = cpu_to_le64((uint64_t) io_u->xfer_buflen);
@@ -496,6 +499,9 @@ static void verify_udp_seq(struct thread_data *td, struct netio_data *nd,
 	struct udp_seq *us;
 	uint64_t seq;
 
+	if (io_u->xfer_buflen < sizeof(*us))
+		return;
+
 	if (nd->seq_off)
 		return;
 
-- 
2.25.1