qemu-devel

Re: [Qemu-devel] [PATCH] usb: fix unbounded stack warning for xhci_dma_w


From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH] usb: fix unbounded stack warning for xhci_dma_write_u32s
Date: Thu, 10 Mar 2016 10:21:45 +0100

On Do, 2016-03-10 at 15:56 +0800, Peter Xu wrote:
> On Thu, Mar 10, 2016 at 08:34:13AM +0100, Gerd Hoffmann wrote:
> > On Do, 2016-03-10 at 10:11 +0800, Peter Xu wrote:
> > > Signed-off-by: Peter Xu <address@hidden>
> > > ---
> > >  hw/usb/hcd-xhci.c | 6 ++++--
> > >  1 file changed, 4 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
> > > index 44b6f8c..d15918f 100644
> > > --- a/hw/usb/hcd-xhci.c
> > > +++ b/hw/usb/hcd-xhci.c
> > > @@ -698,11 +698,13 @@ static inline void xhci_dma_write_u32s(XHCIState 
> > > *xhci, dma_addr_t addr,
> > >                                         uint32_t *buf, size_t len)
> > >  {
> > >      int i;
> > > -    uint32_t tmp[len / sizeof(uint32_t)];
> > > +    uint32_t tmp[12];
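Review bot: `uint32_t tmp[12];` replaces a length-derived array with a bare constant, and nothing in the quoted lines ties `len` to that size. `len` is a byte count (the removed declaration divided it by `sizeof(uint32_t)`), so the bound check should compare `len` against `sizeof(tmp)` rather than against the element count, and it has to run before `tmp` is written. Please also state in a comment or the commit message where the bound comes from, or give the size a named constant so the declaration and the check cannot drift apart.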
> > 
> > Where does the 12 come from?
> 
> As mentioned in the previous thread, because all the callers of
> xhci_dma_write_u32s() are using a const size in "len". The maximum
> currently is 5 * sizeof(uint32_t) = 20 bytes

Can you note that in the commit message please?

> . Here I choose a number
> bigger than 5, which should work for now.

Why bigger?  5 should do just fine then, and the assert added should
make sure we'll notice if this needs an update due to code changes
elsewhere.

thanks,
  Gerd



