[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope
|
From: |
Jason Wang |
|
Subject: |
Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope |
|
Date: |
Thu, 20 Nov 2014 16:24:30 +0800 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 |
On 11/20/2014 04:18 PM, Gonglei wrote:
> On 2014/11/20 16:11, Jason Wang wrote:
>
>> On 11/20/2014 04:05 PM, Gonglei wrote:
>>> On 2014/11/20 15:50, Jason Wang wrote:
>>>
>>>>>> Maybe just initialize iov unconditionally at the beginning and check
>>>>>>>> dot1q_buf instead of iov for the rest of the functions. (Need deal with
>>>>>>>> size < ETHER_ADDR_LEN * 2)
>>>>>> More complicated, because we can't initialize iov when
>>>>>> "size < ETHER_ADDR_LEN * 2".
>>>>>>
>>>>>> Best regards,
>>>>>> -Gonglei
>>>>>>
>>>> Probably not: you can just do something like:
>>>>
>>>> if (dot1q_buf && size < ETHER_ADDR_LEN * 2) {
>>>> dot1q_buf = NULL;
>>>> }
>>>>
>>>> and check dot1q_buf afterwards. Or just drop the packet since its size
>>>> was less than mininum frame length that Ethernet allows.
>>> Sorry, I don't understand. But,
>>> what's your meaning "initialize iov unconditionally at the beginning"?
>> Something like:
>>
>> @@ -1774,7 +1774,12 @@ static uint32_t
>> rtl8139_RxConfig_read(RTL8139State *s)
>> static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
>> int do_interrupt, const uint8_t *dot1q_buf)
>> {
>> - struct iovec *iov = NULL;
>> + struct iovec iov[3] = {
>> + { .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 },
>> + { .iov_base = (void *) dot1q_buf, .iov_len = VLAN_HLEN },
>> + { .iov_base = buf + ETHER_ADDR_LEN * 2,
>> + .iov_len = size - ETHER_ADDR_LEN * 2 },
>> + };
>>
>> and assign dot1q_buf to NULL is size is not ok.
>>
> If "size < ETHER_ADDR_LEN * 2", .iov_len = size - ETHER_ADDR_LEN * 2 will be
> negative value;
> and if dot1q_buf is NULL, .iov_base = (void *) dot1q_buf will be NULL too.
> Any side-effect?
Then you need check dot1q_buf instead of iov after. Iov won't be used if
dot1q_buf is NULL.
>
>> Just a suggestion, your call.
> Thanks, Jason :)
>
> Best regards,
> -Gonglei
>
- Re: [Qemu-devel] [PATCH 3/4] pcnet: fix Negative array index read, (continued)
[Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, arei.gonglei, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Paolo Bonzini, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Jason Wang, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Gonglei, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Jason Wang, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Gonglei, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Jason Wang, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Gonglei, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope,
Jason Wang <=
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Gonglei, 2014/11/20
- Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope, Paolo Bonzini, 2014/11/20
[Qemu-devel] [PATCH 2/4] net/socket: fix Uninitialized scalar variable, arei.gonglei, 2014/11/20
[Qemu-devel] [PATCH 1/4] net/slirp: fix memory leak, arei.gonglei, 2014/11/20
Re: [Qemu-devel] [PATCH 0/4] net: fix high impact outstanding defects reported by Coverity, Stefan Hajnoczi, 2014/11/20