[PATCH] crypto/qat: fix stack buffer overflow in SGL loop

[Ciara Power]

The cvec pointer was incremented incorrectly in the case where the
length of remaining_off equals cvec len, and there is no next cvec.
This led to cvec->iova being invalid memory to access.

Instead, only increment the cvec pointer when we know there is a next
cvec to point to, by checking the i value, which represents the number
of cvecs available.
If i is 0, then no need to increment as the current cvec is the last one.

Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")
Cc: kai.ji at intel.com
Cc: stable at dpdk.org

Signed-off-by: Ciara Power <ciara.power at intel.com>
---
 drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
index 524c291340..092265631b 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
@@ -682,7 +682,8 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ctx,
 		while (remaining_off >= cvec->len && i >= 1) {
 			i--;
 			remaining_off -= cvec->len;
-			cvec++;
+			if (i)
+				cvec++;
 		}
 
 		auth_iova_end = cvec->iova + remaining_off;
-- 
2.25.1