qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] net: mcf: check buffer descriptor length

From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] net: mcf: check buffer descriptor length
Date: Wed, 21 Sep 2016 18:46:44 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 

On 21/09/2016 15:45, P J P wrote:
>          DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
>                  addr, bd.flags, bd.length, bd.data);
> -        if ((bd.flags & FEC_BD_R) == 0) {
> +        if (!bd.length || (bd.flags & FEC_BD_R) == 0) {
>              /* Run out of descriptors to transmit.  */
>              break;
>          }

Is this a bug?

I don't see anything problematic if len == 0 in the remainder of the code,
though I see a bug:

diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
index 0ee8ad9..5a5fc69 100644
--- a/hw/net/mcf_fec.c
+++ b/hw/net/mcf_fec.c
@@ -176,7 +176,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
         if (bd.flags & FEC_BD_L) {
             /* Last buffer in frame.  */
             DPRINTF("Sending packet\n");
-            qemu_send_packet(qemu_get_queue(s->nic), frame, len);
+            qemu_send_packet(qemu_get_queue(s->nic), frame, frame_size);
             ptr = frame;
             frame_size = 0;
             s->eir |= FEC_INT_TXF;

Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]