[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v4 15/30] stellaris_enet: avoid buffer orerrun o
|
From: |
Michael S. Tsirkin |
|
Subject: |
Re: [Qemu-devel] [PATCH v4 15/30] stellaris_enet: avoid buffer orerrun on incoming migration (part 3) |
|
Date: |
Tue, 1 Apr 2014 18:22:51 +0300 |
On Tue, Apr 01, 2014 at 11:06:48AM +0100, Peter Maydell wrote:
> On 1 April 2014 10:51, Dr. David Alan Gilbert <address@hidden> wrote:
> > So lets say that tx_frame_len is initially 2032 when written; 14 is added
> > to it
> > at this point, and if the CRC flag is set then another 4. Thus it seems a
> > user
> > can set the value in tx_frame_len to 2032+14+4=2050 - which is a bit
> > worrying
> > given the buffer is only 2048 bytes.
>
>
> Yep, see my equivalent remarks in the other patch.
>
> Michael -- can we please squash these two patches into one?
> It's really hard to review the code for correctness when
> half the logic for dealing with the tx fifo is in a
> different patch...
>
> thanks
> -- PMM
Will do - part 1 as well?