From: Peter Maydell
Subject: [Qemu-devel] [PATCH 14/16] cadence_gem: avoid stack-writing buffer-overrun
Date: Tue, 19 Jun 2012 14:31:11 +0100
From: Jim Meyering <address@hidden>
Use sizeof(rxbuf)-size (not sizeof(rxbuf-size)) as the number
of bytes to clear. The latter would always clear 4 or 8
bytes, possibly writing beyond the end of that stack buffer.
Alternatively, depending on the value of the "size" parameter,
it could fail to initialize the end of "rxbuf".
Spotted by Coverity.
Signed-off-by: Jim Meyering <address@hidden>
Reviewed-by: Peter A.G. Crosthwaite <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
---
hw/cadence_gem.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/cadence_gem.c b/hw/cadence_gem.c
index e2140ae..dbde392 100644
--- a/hw/cadence_gem.c
+++ b/hw/cadence_gem.c
@@ -664,7 +664,7 @@ static ssize_t gem_receive(VLANClientState *nc, const
uint8_t *buf, size_t size)
*/
memcpy(rxbuf, buf, size);
- memset(rxbuf + size, 0, sizeof(rxbuf - size));
+ memset(rxbuf + size, 0, sizeof(rxbuf) - size);
rxbuf_ptr = rxbuf;
crc_val = cpu_to_le32(crc32(0, rxbuf, MAX(size, 60)));
if (size < 60) {
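Review bot: the corrected `memset(rxbuf + size, 0, sizeof(rxbuf) - size)` is only safe when `size <= sizeof(rxbuf)`, and no such bound is visible in this hunk. Since `size` is a `size_t`, `sizeof(rxbuf) - size` wraps to a very large value if `size` exceeds the buffer, and the `memcpy(rxbuf, buf, size)` just above it would already have overrun the stack array; please confirm the check exists earlier in gem_receive (the context above the hunk is not shown) or reject oversized frames before the memcpy. It would also help to say in the commit message why the zero-fill matters: the `crc32(0, rxbuf, MAX(size, 60))` line below reads up to 60 bytes even for shorter frames, so with the old expression part of the CRC input was uninitialized stack.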
--
1.7.1
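The arithmetic behind this fix, as an added example that is not QEMU's code: it shows what `sizeof(rxbuf - size)` actually evaluates to, how `sizeof(rxbuf) - size` behaves when `size` is not bounded, and a copy-then-clear routine that rejects frames larger than the buffer. RXBUF_LEN, MIN_FRAME, the function names and the 14-byte sample frame are assumptions chosen for illustration, not values from cadence_gem.c.

```c
/*
 * Added example, not QEMU's code. Reproduces the sizeof mistake fixed in
 * cadence_gem.c in isolation. RXBUF_LEN and the sample frame are assumed
 * values for illustration; the real device buffer is larger.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RXBUF_LEN 256   /* assumed receive-buffer length */
#define MIN_FRAME 60    /* shortest frame the CRC in the patch covers */

/* The pre-fix expression: sizeof applied to pointer arithmetic yields the
 * size of a uint8_t pointer (4 or 8 bytes), whatever `size` is. */
size_t buggy_clear_len(size_t size)
{
    uint8_t rxbuf[RXBUF_LEN];
    return sizeof(rxbuf - size);
}

/* The post-fix expression: bytes left after the frame. It wraps to
 * SIZE_MAX when size > sizeof(rxbuf), so size must be bounded first. */
size_t fixed_clear_len(size_t size)
{
    uint8_t rxbuf[RXBUF_LEN];
    return sizeof(rxbuf) - size;
}

/* Mimics the old code path on a caller-supplied buffer so its effect can
 * be inspected: only sizeof(uint8_t *) bytes after the frame get cleared. */
void buggy_receive(uint8_t *rxbuf, const uint8_t *buf, size_t size)
{
    memcpy(rxbuf, buf, size);
    memset(rxbuf + size, 0, sizeof(uint8_t *)); /* == sizeof(rxbuf - size) */
}

/* Hardened form: reject frames that do not fit, then copy and zero the
 * remainder so a CRC over MAX(size, MIN_FRAME) never reads stale bytes.
 * Returns 0 on success, -1 if the frame is too large. */
int safe_receive(uint8_t *rxbuf, size_t rxbuf_len, const uint8_t *buf, size_t size)
{
    if (size > rxbuf_len) {
        return -1;
    }
    memcpy(rxbuf, buf, size);
    memset(rxbuf + size, 0, rxbuf_len - size);
    return 0;
}

/* 1 if every byte in rxbuf[from, to) is zero, else 0. */
int range_is_zero(const uint8_t *rxbuf, size_t from, size_t to)
{
    for (size_t i = from; i < to; i++) {
        if (rxbuf[i] != 0) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed 14-byte Ethernet header: broadcast dst, made-up src, IPv4. */
    uint8_t frame[14] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                          0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x00 };
    uint8_t rxbuf[RXBUF_LEN];

    memset(rxbuf, 0xaa, sizeof(rxbuf)); /* stand-in for stale stack contents */
    buggy_receive(rxbuf, frame, sizeof(frame));
    printf("old expression clears %zu bytes; bytes 14..59 zeroed: %d\n",
           buggy_clear_len(sizeof(frame)),
           range_is_zero(rxbuf, sizeof(frame), MIN_FRAME));

    memset(rxbuf, 0xaa, sizeof(rxbuf));
    safe_receive(rxbuf, sizeof(rxbuf), frame, sizeof(frame));
    printf("fixed expression clears %zu bytes; bytes 14..59 zeroed: %d\n",
           fixed_clear_len(sizeof(frame)),
           range_is_zero(rxbuf, sizeof(frame), MIN_FRAME));
    return 0;
}
```

The second hazard is worth keeping in mind when applying the fix: once `size` is trusted, `sizeof(rxbuf) - size` silently wraps for an oversized frame, so the bounds check in `safe_receive` has to come before both the `memcpy` and the `memset`.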