qemu-devel

Re: [Qemu-devel] [PATCH v3] scsi: esp: check length before dma read


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH v3] scsi: esp: check length before dma read
Date: Wed, 15 Jun 2016 18:36:51 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0


On 15/06/2016 18:16, P J P wrote:
> From: Prasad J Pandit <address@hidden>
> 
> While doing DMA read into ESP command buffer 's->cmdbuf', the
> length parameter could exceed the buffer size. Add check to avoid
> OOB access. Also increase the command buffer size to 32, which
> is maximum when 's->do_cmd' is set.

Actually, the commit message is wrong.  The length parameter cannot
exceed the buffer size anymore.  Can you do a v4 with the corrected
commit message and an assert that avoids overflows like in Laszlo's
proposal?  I think this:

   assert (s->cmdlen <= sizeof(s->cmdbuf) &&
           len <= sizeof(s->cmdbuf) - s->cmdlen);

would do.

Thanks,

Paolo
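
Why the assert proposed in the mail above subtracts from the buffer size instead of adding `cmdlen + len`, as an added example that is not code from the mail or from QEMU. The struct, the `uint32_t` field types and the function names are assumptions made for illustration; the 32-byte size is the one named in the quoted commit message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CMDBUF_SZ 32  /* size named in the quoted commit message */

/* Hypothetical stand-in for the device state: only the fields the check uses. */
struct dev {
    uint8_t  cmdbuf[CMDBUF_SZ];
    uint32_t cmdlen;            /* bytes already stored in cmdbuf */
};

/* Naive form: the sum is computed in uint32_t and can wrap around. */
static bool fits_naive(const struct dev *s, uint32_t len)
{
    return s->cmdlen + len <= (uint32_t)sizeof(s->cmdbuf);
}

/* Form from the mail: cmdlen is checked first, so the subtraction cannot underflow. */
static bool fits_safe(const struct dev *s, uint32_t len)
{
    return s->cmdlen <= sizeof(s->cmdbuf) &&
           len <= sizeof(s->cmdbuf) - s->cmdlen;
}

/* Append len bytes only when the safe check passes; returns bytes copied. */
static uint32_t append_cmd(struct dev *s, const uint8_t *src, uint32_t len)
{
    if (!fits_safe(s, len)) {
        return 0;
    }
    memcpy(&s->cmdbuf[s->cmdlen], src, len);
    s->cmdlen += len;
    return len;
}

int main(void)
{
    struct dev s = { .cmdlen = 16 };
    uint32_t huge = UINT32_MAX - 7;   /* constructed input: 16 + huge wraps to 8 */
    uint8_t src[16] = { 0 };
    printf("naive=%d safe=%d\n", fits_naive(&s, huge), fits_safe(&s, huge));
    printf("copied=%u\n", (unsigned)append_cmd(&s, src, sizeof(src)));
    return 0;
}
```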


