On Fri, Nov 10, 2017 at 06:37:22AM +0000, Horia Geantă wrote: > On 11/10/2017 12:21 AM, Herbert Xu wrote: > > On Thu, Nov 09, 2017 at 02:37:29PM +0000, Horia Geantă wrote: > >> > >>>> sg_init_table(sg, np + 1); > >> sg_mark_end() marks sg[np]. > >> > >>>> - np--; > >>>> + if (rem) > >>>> + np--; > >>>> for (k = 0; k < np; k++) > >>>> sg_set_buf(&sg[k + 1], xbuf[k], PAGE_SIZE); > >> In case rem == 0, last k value is np-1, thus sg[np-1+1] will be filled > >> here with xbuf[np-1]. > > > > No, if rem == 0, then the last k value is np-2. > > > Notice that np-- above the for loop is done conditionally, so in the for > loop k takes values in [0, np-1]. > This means the for loop fills sg[1]...sg[np]. I must be missing something. In the case rem == 0, let's say the original value of np is npo. Then at the start of the loop, np = npo - 1, and at the last iteration, k = npo - 2, so we do sg_set_buf(&sg[npo - 1], xbuf[npo - 2], PAGE_SIZE); While the sg_init_table call sets the end-of-table at sg_init_table(sg, npo + 1); I can't see how this can be right. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
