Re: [Qemu-devel] [PATCH] usb: fix unbounded stack warning for xhci_dma_w
From: Peter Xu
Subject: Re: [Qemu-devel] [PATCH] usb: fix unbounded stack warning for xhci_dma_write_u32s
Date: Thu, 10 Mar 2016 15:56:12 +0800
User-agent: Mutt/1.5.24 (2015-08-30)
On Thu, Mar 10, 2016 at 08:34:13AM +0100, Gerd Hoffmann wrote:
> On Do, 2016-03-10 at 10:11 +0800, Peter Xu wrote:
> > Signed-off-by: Peter Xu <address@hidden>
> > ---
> > hw/usb/hcd-xhci.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
> > index 44b6f8c..d15918f 100644
> > --- a/hw/usb/hcd-xhci.c
> > +++ b/hw/usb/hcd-xhci.c
> > @@ -698,11 +698,13 @@ static inline void xhci_dma_write_u32s(XHCIState
> > *xhci, dma_addr_t addr,
> > uint32_t *buf, size_t len)
> > {
> > int i;
> > - uint32_t tmp[len / sizeof(uint32_t)];
> > + uint32_t tmp[12];
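Review bot: the fixed `uint32_t tmp[12]` on the `+` line is not tied to `len` by any check in the lines quoted here, so a caller passing more than `12 * sizeof(uint32_t)` bytes would write past the array on the stack, whereas the VLA it replaces was sized from `len`. Suggest an `assert(len <= sizeof(tmp));` before the copy loop (plus a check that `len` is a multiple of `sizeof(uint32_t)`), and a named constant instead of the bare 12, with a comment recording how it relates to the largest caller. The diffstat reports 4 insertions and 2 deletions, so part of the hunk is not quoted; if the bound check is in that part, the size rationale still belongs in the commit message, which as quoted gives none.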
>
> Where does the 12 come from?
As mentioned in the previous thread, because all the callers of
xhci_dma_write_u32s() are using a const size in "len". The maximum
currently is 5 * sizeof(uint32_t) = 20 bytes. Here I chose a number
bigger than 5, which should work for now. To make it a little bit bigger, I
just chose 12 for no specific reason... since 8/12/16/... all seem to
work for me.
Thanks.
Peter