[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATVH v2] net: ne2000: fix bounds check in ioport oper
From: |
P J P |
Subject: |
Re: [Qemu-devel] [PATVH v2] net: ne2000: fix bounds check in ioport operations |
Date: |
Thu, 31 Dec 2015 11:26:51 +0530 (IST) |
+-- On Thu, 31 Dec 2015, Jason Wang wrote --+
| > - (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
| > + if (addr < 32 || (addr >= NE2000_PMEM_START && addr <
NE2000_MEM_SIZE)) {
|
| The change is unnecessary.
Okay.
| > + if (addr < 32
| > + || (addr >= NE2000_PMEM_START
| > + && addr + sizeof(uint16_t) < NE2000_MEM_SIZE)) {
|
| I think you mean '<=' instead of '<' here? (And for the other checks below).
I think <= would lead to an off-by-one, no? As the last array index would be
one less than the size; Same as ne2000_mem_readb() above.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F