Fatal bug in Boomerang driver found

Gordon Oliver gordo@telsur.cl
Tue Jul 7 11:11:58 1998


... Rob Riggs said ...
>@@ -1833,6 +1838,11 @@
> 			vp->stats.rx_packets++;
> 		}
> 		entry = (++vp->cur_rx) % RX_RING_SIZE;
>+		/* Wrap our counters -- otherwise the next for() loop fails */
>+		if (vp->cur_rx < 0) {
>+			vp->cur_rx = 0;
>+			vp->dirty_rx -= INT_MAX;
>+		}
> 		if (--rx_work_limit < 0)
> 			break;
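
Review bot: the vp->cur_rx < 0 test only fires after ++vp->cur_rx on the context line above has already overflowed, and entry has by then been computed from the wrapped value. Signed overflow is undefined in C, so test for the limit before incrementing, or make the counters unsigned. The rebase is also uneven: cur_rx goes from INT_MAX + 1 to 0 while dirty_rx only loses INT_MAX, so cur_rx - dirty_rx comes out one smaller than it was. Subtract the same amount from both counters.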

this appears to have a one-off bug (vp->cur_rx is really more than INT_MAX)
rather than use < 0 you could use == INT_MAX or >= (some large number)
I'd suggest something like
	if (vp->cur_rx > 1000000) {
		vp->dirty_rx -= vp->cur_rx;
		vp->cur_rx = 0;
	}
sneaky bugs are less likely to catch you there...
	-gordo
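
The counter rebasing discussed in this thread, as an added example that is not part of the original messages or the driver: a user-space model comparing the patch's rebase, the reply's rebase, and a ring-aligned rebase. The struct ring type, the function names, the sample values and RX_RING_SIZE = 32 are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define RX_RING_SIZE 32 /* assumed; the page does not show the value */

struct ring { int cur_rx, dirty_rx; }; /* model of the two counters */

/* Difference between the counters, which the driver's loops rely on. */
static int gap(struct ring r) { return r.cur_rx - r.dirty_rx; }

/* Quoted patch, modelled at the moment cur_rx == INT_MAX is about to be
 * incremented (the overflow itself is undefined in C, so it is not run). */
static struct ring rebase_patch(struct ring r)
{
    r.cur_rx = 0;            /* stands for INT_MAX + 1 */
    r.dirty_rx -= INT_MAX;   /* but only INT_MAX is removed here */
    return r;
}

/* Reply's suggestion: subtract cur_rx from both counters. */
static struct ring rebase_reply(struct ring r)
{
    r.dirty_rx -= r.cur_rx;
    r.cur_rx = 0;
    return r;
}

/* Rebase by a multiple of the ring size taken from dirty_rx (assumed
 * non-negative), so the gap, the ring slots and the sign are preserved. */
static struct ring rebase_aligned(struct ring r)
{
    int base = r.dirty_rx - r.dirty_rx % RX_RING_SIZE;
    r.cur_rx -= base;
    r.dirty_rx -= base;
    return r;
}

int main(void)
{
    struct ring a = { INT_MAX, INT_MAX - 5 };   /* constructed values */
    struct ring b = { 1000001, 999990 };        /* constructed values */
    printf("patch:   true gap %d, got %d\n", gap(a) + 1, gap(rebase_patch(a)));
    printf("reply:   gap %d -> %d, slot %d -> %d\n", gap(b), gap(rebase_reply(b)),
           b.cur_rx % RX_RING_SIZE, rebase_reply(b).cur_rx % RX_RING_SIZE);
    printf("aligned: gap %d -> %d, slot %d -> %d\n", gap(b), gap(rebase_aligned(b)),
           b.cur_rx % RX_RING_SIZE, rebase_aligned(b).cur_rx % RX_RING_SIZE);
    return 0;
}
```

Subtracting cur_rx from both counters keeps the gap exact, but cur_rx % RX_RING_SIZE moves unless the reset happens on a multiple of the ring size, and dirty_rx goes negative.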