From 8d03f2b53b7df58bc0f80a2983e36896ae728ec5 Mon Sep 17 00:00:00 2001
From: Paul Saab <ps@FreeBSD.org>
Date: Wed, 12 Jan 2005 21:40:51 +0000
Subject: Fix a TCP SACK related crash resulting from incorrect computation of
 len in tcp_output(), in the case where the FIN has already been transmitted.
 The mis-computation of len is because of a gcc optimization issue, which this
 change works around.

Submitted by:	Mohan Srinivasan
---
 sys/netinet/tcp_output.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

(limited to 'sys/netinet/tcp_output.c')

diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 2a88c521a39a..fce9c9c448a1 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -312,12 +312,22 @@ after_sack_rexmit:
 			 */
 			len = ((long)ulmin(so->so_snd.sb_cc, tp->snd_wnd) 
 			       - off);
-			cwin = tp->snd_cwnd - 
-				(tp->snd_nxt - tp->sack_newdata) -
-				sack_bytes_rxmt;
-			if (cwin < 0)
-				cwin = 0;
-			len = lmin(len, cwin);
+			/*
+			 * Don't remove this (len > 0) check !
+			 * We explicitly check for len > 0 here (although it 
+			 * isn't really necessary), to work around a gcc 
+			 * optimization issue - to force gcc to compute
+			 * len above. Without this check, the computation
+			 * of len is bungled by the optimizer.
+			 */
+			if (len > 0) {
+				cwin = tp->snd_cwnd - 
+					(tp->snd_nxt - tp->sack_newdata) -
+					sack_bytes_rxmt;
+				if (cwin < 0)
+					cwin = 0;
+				len = lmin(len, cwin);
+			}
 		}
 	}
 
-- 
cgit v1.2.3