From 047b19d2715f1cba98d8c5de8174466256bc7f64 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 23 Jun 2011 15:27:49 +0200
Subject: [PATCH] Fix a reassembly bug that in some cases could lead to a
 crash.

---
 src/stream-tcp-reassemble.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 9238558c39..2e042979fd 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -2814,8 +2814,8 @@ static int StreamTcpReassembleAppLayer (TcpReassemblyThreadCtx *ra_ctx,
         /* if the segment ends beyond ra_base_seq we need to consider it */
         if (SEQ_GT((seg->seq + seg->payload_len), ra_base_seq+1)) {
             SCLogDebug("seg->seq %" PRIu32 ", seg->payload_len %" PRIu32 ", "
-                    "ra_base_seq %" PRIu32 "", seg->seq,
-                    seg->payload_len, ra_base_seq);
+                    "ra_base_seq %" PRIu32 ", last_ack %"PRIu32, seg->seq,
+                    seg->payload_len, ra_base_seq, stream->last_ack);
 
             /* handle segments partly before ra_base_seq */
             if (SEQ_GT(ra_base_seq, seg->seq)) {
@@ -2823,7 +2823,7 @@ static int StreamTcpReassembleAppLayer (TcpReassemblyThreadCtx *ra_ctx,
                 SCLogDebug("payload_offset %u", payload_offset);
 
                 if (SEQ_LT(stream->last_ack, (seg->seq + seg->payload_len))) {
-                    if (SEQ_LT(stream->last_ack, ra_base_seq)) {
+                    if (SEQ_LT(stream->last_ack, (ra_base_seq + 1))) {
                         payload_len = (stream->last_ack - seg->seq);
                         SCLogDebug("payload_len %u", payload_len);
                     } else {