From: Shmulik Ladkani
Date: Tue, 2 Aug 2016 12:41:20 +0300
Message-Id: <1470130880-1050-1-git-send-email-shmulik.ladkani@oracle.com>
Subject: [Qemu-devel] [PATCH v2] util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'
To: "Michael S. Tsirkin", Paolo Bonzini, qemu-devel@nongnu.org
Cc: Dmitry Fleytman, Jason Wang, Shmulik Ladkani

From: Shmulik Ladkani

In cases where iov_copy() is passed with zero 'bytes' argument and a
non-zero 'offset' argument, nothing gets copied - as expected.
However no copy iterations are performed, so 'offset' is left
unaltered, leading to the final assert(offset == 0) to fail.

Instead, change the loop condition to continue as long as
'offset || bytes', similar to other iov_* functions.

This ensures 'offset' gets zeroed (even if no actual copy is made),
unless it is beyond end of source iov - which is asserted.

Signed-off-by: Shmulik Ladkani
---
 util/iov.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

v2: Instead of relaxing the assertion, modify loop condition, as
    suggested by Paolo

diff --git a/util/iov.c b/util/iov.c index 003fcce..74e6ca8 100644 --- a/util/iov.c +++ b/util/iov.c 
@@ -247,7 +247,8 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int dst_iov_cnt, { size_t len; unsigned int i, j; - for (i = 0, j = 0; i < iov_cnt && j < dst_iov_cnt && bytes; i++) { + for (i = 0, j = 0; + i < iov_cnt && j < dst_iov_cnt && (offset || bytes); i++) { if (offset >= iov[i].iov_len) { offset -= iov[i].iov_len; continue; -- 1.9.1
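
Review bot: In the new loop condition the '(offset || bytes)' term is still gated by 'j < dst_iov_cnt', so a call with dst_iov_cnt == 0 and a non-zero 'offset' performs no iterations and leaves 'offset' unconsumed, which is the same state the commit message says trips the final assert(offset == 0). If that combination is not a valid call, a comment on the function stating that dst_iov_cnt must be non-zero would make the contract explicit; otherwise the offset-skipping step should not depend on room being left in dst_iov. Separately, the hunk shows only the skip branch: with bytes == 0 and an 'offset' that lands inside iov[i], execution now continues past the visible 'continue', so please confirm the rest of the body does not append a zero-length entry to dst_iov and count it in the return value. A unit test covering zero 'bytes' with a non-zero 'offset' would pin down both behaviours.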