[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 14/16] cadence_gem: avoid stack-writing buffer-o
|
From: |
Peter Crosthwaite |
|
Subject: |
Re: [Qemu-devel] [PATCH 14/16] cadence_gem: avoid stack-writing buffer-overrun |
|
Date: |
Wed, 20 Jun 2012 11:47:24 +1000 |
I re-sent this yesterday to trivial.
May end up getting queued for merge twice.
On Tue, Jun 19, 2012 at 11:31 PM, Peter Maydell
<address@hidden> wrote:
> From: Jim Meyering <address@hidden>
>
> Use sizeof(rxbuf)-size (not sizeof(rxbuf-size)) as the number
> of bytes to clear. The latter would always clear 4 or 8
> bytes, possibly writing beyond the end of that stack buffer.
> Alternatively, depending on the value of the "size" parameter,
> it could fail to initialize the end of "rxbuf".
> Spotted by coverity.
>
> Signed-off-by: Jim Meyering <address@hidden>
> Reviewed-by: Peter A.G. Crosthwaite <address@hidden>
> Signed-off-by: Peter Maydell <address@hidden>
> ---
> hw/cadence_gem.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/cadence_gem.c b/hw/cadence_gem.c
> index e2140ae..dbde392 100644
> --- a/hw/cadence_gem.c
> +++ b/hw/cadence_gem.c
> @@ -664,7 +664,7 @@ static ssize_t gem_receive(VLANClientState *nc, const
> uint8_t *buf, size_t size)
> */
>
> memcpy(rxbuf, buf, size);
> - memset(rxbuf + size, 0, sizeof(rxbuf - size));
> + memset(rxbuf + size, 0, sizeof(rxbuf) - size);
> rxbuf_ptr = rxbuf;
> crc_val = cpu_to_le32(crc32(0, rxbuf, MAX(size, 60)));
> if (size < 60) {
> --
> 1.7.1
>
>
- [Qemu-devel] [PULL 00/16] arm-devs queue, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 16/16] arm_boot: Conditionalised DTB command line update, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 14/16] cadence_gem: avoid stack-writing buffer-overrun, Peter Maydell, 2012/06/19
- Re: [Qemu-devel] [PATCH 14/16] cadence_gem: avoid stack-writing buffer-overrun,
Peter Crosthwaite <=
- [Qemu-devel] [PATCH 04/16] hw/arm_gic: Remove the special casing of NCPU for the NVIC, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 09/16] hw/arm_gic.c: Make NVIC interrupt numbering a runtime setting, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 10/16] hw/arm_gic: Move CPU interface memory region setup into arm_gic_init, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 12/16] hw/omap.h: Drop broken MEM_VERBOSE tracing, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 15/16] cadence_ttc: changed master clock frequency, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 08/16] hw/arm_gic: Make CPU target registers RAZ/WI on uniprocessor, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 07/16] hw/arm_gic: Add qdev property for GIC revision, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 02/16] arm_boot: Fix typos in comment, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 13/16] hw/a9mpcore: Fix compilation failure if physaddrs are 64 bit, Peter Maydell, 2012/06/19
- [Qemu-devel] [PATCH 06/16] hw/armv7m_nvic: Use MemoryRegions for NVIC specific registers, Peter Maydell, 2012/06/19