qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Out off array access in usb-net


From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH] Out off array access in usb-net
Date: Tue, 09 Nov 2010 10:30:54 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)

Gleb Natapov <address@hidden> writes:

> Properly check array bounds before accessing array element.

Impact?

Apply to stable as well?

> Signed-off-by: Gleb Natapov <address@hidden>
> diff --git a/hw/usb-net.c b/hw/usb-net.c
> index 70f9263..84e2d79 100644
> --- a/hw/usb-net.c
> +++ b/hw/usb-net.c
> @@ -1142,7 +1142,7 @@ static int usb_net_handle_control(USBDevice *dev, int 
> request, int value,
>                  break;
>  
>              default:
> -                if (usb_net_stringtable[value & 0xff]) {
> +                if (ARRAY_SIZE(usb_net_stringtable) > (value & 0xff)) {
>                      ret = set_usb_string(data,
>                                      usb_net_stringtable[value & 0xff]);
>                      break;

Makes sense.

Nitpick: LIMIT > INDEX looks unusual to me; INDEX < LIMIT is more
common.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]