[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3] scsi: esp: check length before dma read
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH v3] scsi: esp: check length before dma read |
Date: |
Wed, 15 Jun 2016 20:27:21 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 |
On 15/06/2016 19:18, P J P wrote:
> Hello Paolo,
>
> +-- On Wed, 15 Jun 2016, Paolo Bonzini wrote --+
> | Actually, the commit message is wrong. The length parameter cannot
> | exceed the buffer size anymore.
>
> It wouldn't exceed after this patch, right? Is it possible 'esp_do_dma' is
> called via 'esp_transfer_data' with 's->do_cmd' set? 'len' isn't checked
> there.
No, it's not possible; see the discussion in reply to v1.
Paolo