Hello!

I have found a problem with the virtqueue_read_indirect_desc function, which was advancing a pointer to struct as if it were a byte pointer, so every element coming after the first chunk would be copied somewhere out of the buffer.
As I understand, this is a cold path, but nevertheless worth fixing.

Also, exactly the same problem is in the vduse_queue_read_indirect_desc function, because as I understand it is a copy of virtqueue_read_indirect_desc with the vduse backend.

I was not sure if an element of the scattered buffer may end in the middle of vring_desc struct data, so instead of writing desc += read_len/sizeof(struct vring_desc) I have implemented the fix with proper byte pointer arithmetic.

Sincerely,
Temir.

Temir Zharaspayev (2):
  libvhost-user: Fix pointer arithmetic in indirect read
  libvduse: Fix pointer arithmetic in indirect read

 subprojects/libvduse/libvduse.c           | 11 ++++++-----
 subprojects/libvhost-user/libvhost-user.c | 11 ++++++-----
 2 files changed, 12 insertions(+), 10 deletions(-)

--
2.34.1
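Added example, not part of the original message or of the patches it introduces: a bounds-checked model of the three ways the destination can be advanced while an indirect descriptor table is gathered from several chunks. The names chunk, stride, advance, gather and demo are hypothetical, and the 24 + 40 byte split is constructed so that the first chunk ends in the middle of a descriptor; only the 16-byte vring_desc layout is the real virtio one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 16-byte split-ring descriptor layout from the virtio specification. */
struct vring_desc { uint64_t addr; uint32_t len; uint16_t flags; uint16_t next; };
/* Hypothetical stand-in for one contiguous piece of the mapped table. */
struct chunk { const uint8_t *src; size_t len; };

enum stride {
    STRIDE_BYTES,   /* byte pointer advanced by read_len bytes (the fix)    */
    STRIDE_STRUCT,  /* desc += read_len: read_len * 16 bytes (the bug)      */
    STRIDE_DIVIDED  /* desc += read_len / sizeof(struct vring_desc)         */
};

/* Number of bytes the destination really moves for each stride. */
static size_t advance(enum stride s, size_t read_len)
{
    const size_t sz = sizeof(struct vring_desc);
    return s == STRIDE_STRUCT ? read_len * sz
         : s == STRIDE_DIVIDED ? read_len / sz * sz : read_len;
}

/* Gather n chunks into tbl (cap bytes). Offsets are computed and checked,
 * so a stride that leaves the table is reported (-1), never written. */
int gather(struct vring_desc *tbl, size_t cap, const struct chunk *c, size_t n, enum stride s)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        if (off > cap || c[i].len > cap - off)
            return -1;
        memcpy((uint8_t *)tbl + off, c[i].src, c[i].len);
        off += advance(s, c[i].len);
    }
    return 0;
}

/* Constructed input: 4 descriptors split 24 + 40 bytes (mid-struct).
 * Returns 1 if the copy matches, 0 if it is corrupted, -1 if out of bounds. */
int demo(enum stride s)
{
    struct vring_desc src[4], dst[4] = {{0}};
    for (unsigned i = 0; i < 4; i++)
        src[i] = (struct vring_desc){ 0x1000u * (i + 1), 64, 0, (uint16_t)(i + 1) };
    const uint8_t *p = (const uint8_t *)src;
    struct chunk c[2] = { { p, 24 }, { p + 24, 40 } };
    return gather(dst, sizeof(dst), c, 2, s) ? -1 : memcmp(dst, src, sizeof(src)) == 0;
}

int main(void) { return demo(STRIDE_BYTES) == 1 ? 0 : 1; }
```

With the struct stride the second chunk is aimed 384 bytes into a 64-byte table; the divided stride stays in bounds but overwrites the tail of the first chunk when a chunk ends mid-descriptor.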