Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope
From: Gonglei
Subject: Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope
Date: Thu, 20 Nov 2014 16:52:04 +0800
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

On 2014/11/20 16:24, Jason Wang wrote:
> On 11/20/2014 04:18 PM, Gonglei wrote:
>> On 2014/11/20 16:11, Jason Wang wrote:
>>
>>> On 11/20/2014 04:05 PM, Gonglei wrote:
>>>> On 2014/11/20 15:50, Jason Wang wrote:
>>>>
>>>>>>> Maybe just initialize iov unconditionally at the beginning and check
>>>>>>>>> dot1q_buf instead of iov for the rest of the functions. (Need to deal
>>>>>>>>> with size < ETHER_ADDR_LEN * 2)
>>>>>>> More complicated, because we can't initialize iov when
>>>>>>> "size < ETHER_ADDR_LEN * 2".
>>>>>>>
>>>>>>> Best regards,
>>>>>>> -Gonglei
>>>>>>>
>>>>> Probably not: you can just do something like:
>>>>>
>>>>> if (dot1q_buf && size < ETHER_ADDR_LEN * 2) {
>>>>>     dot1q_buf = NULL;
>>>>> }
>>>>>
>>>>> and check dot1q_buf afterwards. Or just drop the packet since its size
>>>>> was less than the minimum frame length that Ethernet allows.
>>>> Sorry, I don't understand. But
>>>> what do you mean by "initialize iov unconditionally at the beginning"?
>>> Something like:
>>>
>>> @@ -1774,7 +1774,12 @@ static uint32_t
>>> rtl8139_RxConfig_read(RTL8139State *s)
>>> static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
>>> int do_interrupt, const uint8_t *dot1q_buf)
>>> {
>>> - struct iovec *iov = NULL;
>>> + struct iovec iov[3] = {
>>> + { .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 },
>>> + { .iov_base = (void *) dot1q_buf, .iov_len = VLAN_HLEN },
>>> + { .iov_base = buf + ETHER_ADDR_LEN * 2,
>>> + .iov_len = size - ETHER_ADDR_LEN * 2 },
>>> + };
>>>
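Review bot: in the third initializer, `.iov_len = size - ETHER_ADDR_LEN * 2` is evaluated on every call with no length check in front of it, and `size` is an `int` while `iov_len` is a `size_t`, so a frame shorter than `ETHER_ADDR_LEN * 2` stores a wrapped, very large length. Compute that length only after `size` has been checked, or add a comment at the declaration stating that `iov` is valid only when `dot1q_buf` is non-NULL and `size >= ETHER_ADDR_LEN * 2`, because every later use then has to be gated on that. The `(void *)` cast on `dot1q_buf` also drops `const` silently, which deserves a short comment.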
>>> and assign dot1q_buf to NULL if size is not ok.
>>>
>> If "size < ETHER_ADDR_LEN * 2", .iov_len = size - ETHER_ADDR_LEN * 2 will be
>> a negative value;
>> and if dot1q_buf is NULL, .iov_base = (void *) dot1q_buf will be NULL too.
>> Any side-effect?
>
> Then you need to check dot1q_buf instead of iov after. Iov won't be used if
> dot1q_buf is NULL.
>>
But that's hacking IMHO. Let's not do this. ;)
>>> Just a suggestion, your call.
>> Thanks, Jason :)
>>
>> Best regards,
>> -Gonglei
>>
>
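
The length concern raised in this thread, as an added example that is not code from the thread or from QEMU: it shows what `size - ETHER_ADDR_LEN * 2` becomes once stored in `iov_len` for a short frame, next to a variant that checks `size` before filling a caller-owned `iov[3]`. `ETHER_ADDR_LEN` and `VLAN_HLEN` are defined locally, the helper names are hypothetical, and the sample frame and tag are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/uio.h>

/* Defined locally for this example (standard Ethernet values). */
#define ETHER_ADDR_LEN 6
#define VLAN_HLEN 4

/* Constructed sample data: a zeroed 64-byte frame and an 802.1Q tag. */
static uint8_t sample_frame[64];
static const uint8_t sample_tag[VLAN_HLEN] = { 0x81, 0x00, 0x00, 0x05 };
static struct iovec sample_iov[3];

/* What an unconditional initializer stores in iov[2].iov_len: the int
 * result is converted to size_t, so a negative value wraps around. */
static size_t unchecked_payload_len(int size)
{
    return (size_t)(size - ETHER_ADDR_LEN * 2);
}

/* Hypothetical helper: fills a caller-owned iov[3] and returns the number
 * of entries to send, or -1 if a tag cannot be spliced into the frame. */
static int build_frame_iov(struct iovec *iov, uint8_t *buf, int size,
                           const uint8_t *dot1q_buf)
{
    if (size < 0 || (dot1q_buf && size < ETHER_ADDR_LEN * 2)) {
        return -1;
    }
    if (!dot1q_buf) {               /* untagged: one entry, whole frame */
        iov[0] = (struct iovec){ .iov_base = buf, .iov_len = (size_t)size };
        return 1;
    }
    iov[0] = (struct iovec){ .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 };
    iov[1] = (struct iovec){ .iov_base = (void *)dot1q_buf, .iov_len = VLAN_HLEN };
    iov[2] = (struct iovec){ .iov_base = buf + ETHER_ADDR_LEN * 2,
                             .iov_len = (size_t)size - ETHER_ADDR_LEN * 2 };
    return 3;
}

int main(void)
{
    printf("unchecked iov_len for size=4: %zu\n", unchecked_payload_len(4));
    printf("size=4 with tag: %d\n",
           build_frame_iov(sample_iov, sample_frame, 4, sample_tag));
    int n = build_frame_iov(sample_iov, sample_frame, 64, sample_tag);
    printf("size=64 with tag: %d entries, payload %zu bytes\n",
           n, sample_iov[2].iov_len);
    return 0;
}
```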