authorThanos Makatos <thanos.makatos@nutanix.com>2020-06-24 02:20:48 -0700
committerThanos Makatos <thanos.makatos@nutanix.com>2020-06-24 02:20:48 -0700
commit9d8a0e61b8294c1d590e56cd78c0bdd3cc5c2229 (patch)
tree39a5c2a8e314b0951aa62344a2085a73a4eef015
parent883d8e66c0cbba493e78d4077b8c0b1b01e987d8 (diff)
don't blindly trust region_hint
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
-rw-r--r--lib/dma.c4
-rw-r--r--lib/dma.h3
2 files changed, 6 insertions, 1 deletions
diff --git a/lib/dma.c b/lib/dma.c
index deb5511..cc79807 100644
--- a/lib/dma.c
+++ b/lib/dma.c
@@ -116,6 +116,10 @@ dma_controller_remove_region(lm_ctx_t *lm_ctx, dma_controller_t *dma,
if (region->dma_addr == dma_addr && region->size == size) {
_dma_controller_do_remove_region(lm_ctx, region);
if (dma->nregions > 1)
+ /*
+ * FIXME valgrind complains with 'Source and destination overlap in memcpy',
+ * check whether memmove eliminates this warning.
+ */
memcpy(region, &dma->regions[dma->nregions - 1],
sizeof *region);
dma->nregions--;
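Review bot: The overlap valgrind reports is most likely the case where the matched region is already the last array entry, so `region` and `&dma->regions[dma->nregions - 1]` are the same object; memcpy with overlapping source and destination is undefined behaviour, so this deserves a fix rather than a FIXME. Either use `memmove(region, &dma->regions[dma->nregions - 1], sizeof *region);` or skip the copy when `region` is the last entry. The comment also sits between the unbraced `if (dma->nregions > 1)` and its statement, so bracing the body would keep a later edit from separating the guard from the copy. The function begins and ends outside the hunk.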
diff --git a/lib/dma.h b/lib/dma.h
index 9f83ed7..3dfe318 100644
--- a/lib/dma.h
+++ b/lib/dma.h
@@ -139,7 +139,8 @@ dma_addr_to_sg(const dma_controller_t *dma,
// Fast path: single region.
if (likely(max_sg > 0 && len > 0 &&
- dma_addr >= region->dma_addr && dma_addr + len <= region_end)) {
+ dma_addr >= region->dma_addr && dma_addr + len <= region_end &&
+ region_hint < dma->nregions)) {
sg->region = region_hint;
sg->offset = dma_addr - region->dma_addr;
sg->length = len;
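Review bot: The new `region_hint < dma->nregions` test is evaluated last, after `dma_addr >= region->dma_addr` has already read through `region`, so an out-of-range hint is still dereferenced before it is rejected. `region` and `region_end` appear to be derived from `region_hint` above the hunk, which would put the out-of-bounds read even earlier; confirm this and move the bounds check ahead of any use, e.g. `if (likely(region_hint < dma->nregions && max_sg > 0 && len > 0 &&`. If `region_hint` is a signed type and `nregions` is signed too, a negative hint also passes this comparison, so add `region_hint >= 0` or make the parameter unsigned. The function starts and ends outside the hunk.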