When handling the DUP_ACK flag, we copy all the buffers making up the ack
frame. However, all our frames share the same buffer for the Ethernet
header (tcp4_eth_src or tcp6_eth_src), so copying the TCP_IOV_ETH will
result in a (perfectly) overlapping memcpy(). This seems to have been
harmless so far, but overlapping ranges to memcpy() is undefined behaviour,
so we really should avoid it.
Signed-off-by: David Gibson
---
tcp_buf.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tcp_buf.c b/tcp_buf.c
index 2e044b27..1a398461 100644
--- a/tcp_buf.c
+++ b/tcp_buf.c
@@ -332,9 +332,13 @@ int tcp_buf_send_flag(struct ctx *c, struct tcp_tap_conn *conn, int flags)
else
dup_iov = tcp6_l2_flags_iov[tcp6_flags_used++];
- for (i = 0; i < TCP_NUM_IOVS; i++)
- memcpy(dup_iov[i].iov_base, iov[i].iov_base,
- iov[i].iov_len);
+ for (i = 0; i < TCP_NUM_IOVS; i++) {
+ /* All frames share the same ethernet header buffer */
+ if (i != TCP_IOV_ETH) {
+ memcpy(dup_iov[i].iov_base, iov[i].iov_base,
+ iov[i].iov_len);
+ }
+ }
dup_iov[TCP_IOV_PAYLOAD].iov_len = iov[TCP_IOV_PAYLOAD].iov_len;
}
--
2.46.0