From e911765cbb9e9ddf5d952c88bb52180a62c6cea0 Mon Sep 17 00:00:00 2001 From: Shmulik Ladkani Date: Tue, 2 Aug 2016 12:41:20 +0300 Subject: [PATCH] util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset' In cases where iov_copy() is passed with zero 'bytes' argument and a non-zero 'offset' argument, nothing gets copied - as expected. However no copy iterations are performed, so 'offset' is left unaltered, leading to the final assert(offset == 0) to fail. Instead, change the loop condition to continue as long as 'offset || bytes', similar to other iov_* functions. This ensures 'offset' gets zeroed (even if no actual copy is made), unless it is beyond end of source iov - which is asserted. Signed-off-by: Shmulik Ladkani Message-Id: <1470130880-1050-1-git-send-email-shmulik.ladkani@oracle.com> Signed-off-by: Paolo Bonzini --- util/iov.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/util/iov.c b/util/iov.c index 003fcce66f..74e6ca8ed7 100644 --- a/util/iov.c +++ b/util/iov.c @@ -247,7 +247,8 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int dst_iov_cnt, { size_t len; unsigned int i, j; - for (i = 0, j = 0; i < iov_cnt && j < dst_iov_cnt && bytes; i++) { + for (i = 0, j = 0; + i < iov_cnt && j < dst_iov_cnt && (offset || bytes); i++) { if (offset >= iov[i].iov_len) { offset -= iov[i].iov_len; continue;