From 4b1c2e5f482d7b1f3b4b45fdbd46782c85f29eae Mon Sep 17 00:00:00 2001
From: Seth Howell
Date: Fri, 31 Aug 2018 08:39:04 -0700
Subject: [PATCH] blob: Make sure that our IOVs match the io size

This is in response to a Scan-build error with Clang 6.0 but is a real bug. If we don't match up our IOVs properly with the lenght we provide, we could jump over the iov list into invalid memory in _spdk_rw_iov_split_next.

Change-Id: I472a7aa53027af0a18ebeee8226e0b008447cce4
Signed-off-by: Seth Howell
Reviewed-on: https://review.gerrithub.io/424248
Reviewed-by: Jim Harris
Reviewed-by: Ben Walker
Chandler-Test-Pool: SPDK Automated Test System
Tested-by: SPDK CI Jenkins
---
 lib/blob/blobstore.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/blob/blobstore.c b/lib/blob/blobstore.c
index f351e8dc6..5a09285ce 100644
--- a/lib/blob/blobstore.c
+++ b/lib/blob/blobstore.c
@@ -2023,6 +2023,7 @@ _spdk_rw_iov_split_next(void *cb_arg, int bserrno)
 iov = &ctx->iov[0];
 iovcnt = 0;
 while (byte_count > 0) {
+ assert(iovcnt < ctx->iovcnt);
 iov->iov_len = spdk_min(byte_count, orig_iov->iov_len - orig_iovoff);
 iov->iov_base = orig_iov->iov_base + orig_iovoff;
 byte_count -= iov->iov_len;
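Review bot: The added `assert(iovcnt < ctx->iovcnt);` at the top of the `while (byte_count > 0)` loop is compiled out when the library is built with NDEBUG, so a release build can still step past the end of the iov list when the iovecs cover fewer bytes than the requested length, which the commit message itself calls a real bug. A runtime guard would hold in every build, for example `if (iovcnt >= ctx->iovcnt) { /* complete the request with -EINVAL */ }`, routed through whatever error-completion path the function already has; that path is not visible here because the body of _spdk_rw_iov_split_next starts and ends outside the hunk. Presumably the iovecs and length are supplied by the caller, in which case validating once at submission that the iov lengths sum to at least the I/O size would reject a mismatched request before any split begins. If the assert is kept as well, a comment such as `/* iovs must cover the full I/O length, otherwise orig_iov runs off the caller's array */` would record what it protects.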