diff options
| author | Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> | 2016-08-02 12:41:20 +0300 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2016-08-03 18:44:57 +0200 |
| commit | e911765cbb9e9ddf5d952c88bb52180a62c6cea0 (patch) | |
| tree | 6036cab11ada53a9aee71a0368b3487e09d1305e /util/iov.c | |
| parent | 0d4104e5760221547fad158bbbb655a4e4c22b50 (diff) | |
| download | qemu-e911765cbb9e9ddf5d952c88bb52180a62c6cea0.tar.gz | |
util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'
In cases where iov_copy() is passed with zero 'bytes' argument and a
non-zero 'offset' argument, nothing gets copied - as expected.
However no copy iterations are performed, so 'offset' is left
unaltered, leading to the final assert(offset == 0) to fail.
Instead, change the loop condition to continue as long as 'offset || bytes',
similar to other iov_* functions.
This ensures 'offset' gets zeroed (even if no actual copy is made),
unless it is beyond end of source iov - which is asserted.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-Id: <1470130880-1050-1-git-send-email-shmulik.ladkani@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'util/iov.c')
| -rw-r--r-- | util/iov.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/util/iov.c b/util/iov.c index 003fcce66f..74e6ca8ed7 100644 --- a/util/iov.c +++ b/util/iov.c @@ -247,7 +247,8 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int dst_iov_cnt, { size_t len; unsigned int i, j; - for (i = 0, j = 0; i < iov_cnt && j < dst_iov_cnt && bytes; i++) { + for (i = 0, j = 0; + i < iov_cnt && j < dst_iov_cnt && (offset || bytes); i++) { if (offset >= iov[i].iov_len) { offset -= iov[i].iov_len; continue; |