From: Gonglei <arei.gonglei@huawei.com>
To: Jason Wang <jasowang@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"stefanha@redhat.com" <stefanha@redhat.com>,
"Huangpeng (Peter)" <peter.huangpeng@huawei.com>
Subject: Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope
Date: Thu, 20 Nov 2014 16:52:04 +0800
Message-ID: <546DABB4.4000402@huawei.com>
In-Reply-To: <546DA53E.7010106@redhat.com>
On 2014/11/20 16:24, Jason Wang wrote:
> On 11/20/2014 04:18 PM, Gonglei wrote:
>> On 2014/11/20 16:11, Jason Wang wrote:
>>
>>> On 11/20/2014 04:05 PM, Gonglei wrote:
>>>> On 2014/11/20 15:50, Jason Wang wrote:
>>>>
>>>>>>> Maybe just initialize iov unconditionally at the beginning and check
>>>>>>>>> dot1q_buf instead of iov for the rest of the functions. (Need to deal with
>>>>>>>>> size < ETHER_ADDR_LEN * 2)
>>>>>>> More complicated, because we can't initialize iov when
>>>>>>> "size < ETHER_ADDR_LEN * 2".
>>>>>>>
>>>>>>> Best regards,
>>>>>>> -Gonglei
>>>>>>>
>>>>> Probably not: you can just do something like:
>>>>>
>>>>> if (dot1q_buf && size < ETHER_ADDR_LEN * 2) {
>>>>> dot1q_buf = NULL;
>>>>> }
>>>>>
>>>>> and check dot1q_buf afterwards. Or just drop the packet since its size
>>>>> was less than minimum frame length that Ethernet allows.
>>>> Sorry, I don't understand. But,
>>>> what do you mean by "initialize iov unconditionally at the beginning"?
>>> Something like:
>>>
>>> @@ -1774,7 +1774,12 @@ static uint32_t
>>> rtl8139_RxConfig_read(RTL8139State *s)
>>> static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
>>> int do_interrupt, const uint8_t *dot1q_buf)
>>> {
>>> - struct iovec *iov = NULL;
>>> + struct iovec iov[3] = {
>>> + { .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 },
>>> + { .iov_base = (void *) dot1q_buf, .iov_len = VLAN_HLEN },
>>> + { .iov_base = buf + ETHER_ADDR_LEN * 2,
>>> + .iov_len = size - ETHER_ADDR_LEN * 2 },
>>> + };
>>>
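Review bot: the third entry's ".iov_len = size - ETHER_ADDR_LEN * 2" is evaluated unconditionally at function entry, and size is an int while iov_len is a size_t, so for size < ETHER_ADDR_LEN * 2 the negative difference is stored as a very large length. Fill in iov only after size has been checked (or drop the short frame first), and gate every later use of iov on dot1q_buf, since the second entry's ".iov_base = (void *) dot1q_buf" is NULL whenever no tag is passed. The cast there also drops the const qualifier from the parameter, which deserves a comment saying the buffer is only read.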
>>> and assign dot1q_buf to NULL if size is not ok.
>>>
>> If "size < ETHER_ADDR_LEN * 2", .iov_len = size - ETHER_ADDR_LEN * 2 will be
>> a negative value;
>> and if dot1q_buf is NULL, .iov_base = (void *) dot1q_buf will be NULL too. Any side-effect?
>
> Then you need to check dot1q_buf instead of iov after. Iov won't be used if
> dot1q_buf is NULL.
>>
But that's hacking IMHO. Let's not do this. ;)
>>> Just a suggestion, your call.
>> Thanks, Jason :)
>>
>> Best regards,
>> -Gonglei
>>
>
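
The two concerns raised in this thread (an iov that must not point at block-local storage, and "size - ETHER_ADDR_LEN * 2" going negative for short frames) can be handled together by filling a caller-owned array only after the size check. This is an added example, not code from the thread or from QEMU; build_frame_iov() and iov_total() are hypothetical names, and the two constants are defined locally with their standard Ethernet values.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/uio.h>

#define ETHER_ADDR_LEN 6   /* defined locally for the example */
#define VLAN_HLEN      4   /* 802.1Q tag length, defined locally */

/* Hypothetical helper: describe a frame in caller-owned iov storage, so no
 * pointer to a block-local array outlives its scope. Returns the number of
 * entries filled, or -1 when the frame cannot hold both MAC addresses. */
static int build_frame_iov(struct iovec iov[3], uint8_t *buf, int size,
                           const uint8_t *dot1q_buf)
{
    if (size < ETHER_ADDR_LEN * 2) {
        return -1;              /* never store size - 12 into a size_t */
    }
    if (!dot1q_buf) {           /* untagged: one entry, no NULL base */
        iov[0].iov_base = buf;
        iov[0].iov_len = (size_t)size;
        return 1;
    }
    iov[0].iov_base = buf;                      /* dst + src MAC */
    iov[0].iov_len = ETHER_ADDR_LEN * 2;
    iov[1].iov_base = (void *)dot1q_buf;        /* tag is only read */
    iov[1].iov_len = VLAN_HLEN;
    iov[2].iov_base = buf + ETHER_ADDR_LEN * 2; /* rest of the frame */
    iov[2].iov_len = (size_t)(size - ETHER_ADDR_LEN * 2);
    return 3;
}

/* Total bytes described by the first n entries. */
static size_t iov_total(const struct iovec *iov, int n)
{
    size_t total = 0;
    for (int i = 0; i < n; i++) {
        total += iov[i].iov_len;
    }
    return total;
}

int main(void)
{
    uint8_t frame[60] = {0};    /* constructed sample frame */
    const uint8_t tag[VLAN_HLEN] = {0x81, 0x00, 0x00, 0x05};
    struct iovec iov[3];
    int n = build_frame_iov(iov, frame, (int)sizeof(frame), tag);
    return (n == 3 && iov_total(iov, n) == 64) ? 0 : 1;
}
```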
Thread overview: 27+ messages
2014-11-20 5:57 [Qemu-devel] [PATCH 0/4] net: fix high impact outstanding defects reported by Coverity arei.gonglei
2014-11-20 5:57 ` [Qemu-devel] [PATCH 1/4] net/slirp: fix memory leak arei.gonglei
2014-11-20 6:20 ` Jason Wang
2014-11-20 11:50 ` Stefan Hajnoczi
2014-11-20 5:57 ` [Qemu-devel] [PATCH 2/4] net/socket: fix Uninitialized scalar variable arei.gonglei
2014-11-20 6:22 ` Jason Wang
2014-11-20 11:50 ` Stefan Hajnoczi
2014-11-20 5:57 ` [Qemu-devel] [PATCH 3/4] pcnet: fix Negative array index read arei.gonglei
2014-11-20 6:33 ` Jason Wang
2014-11-20 6:36 ` Paolo Bonzini
2014-11-20 6:44 ` Gonglei
2014-11-20 7:08 ` Paolo Bonzini
2014-11-20 7:38 ` Gonglei
2014-11-20 10:03 ` Paolo Bonzini
2014-11-20 5:57 ` [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope arei.gonglei
2014-11-20 6:29 ` Paolo Bonzini
2014-11-20 6:55 ` Jason Wang
2014-11-20 7:12 ` Gonglei
2014-11-20 7:50 ` Jason Wang
2014-11-20 8:05 ` Gonglei
2014-11-20 8:11 ` Jason Wang
2014-11-20 8:18 ` Gonglei
2014-11-20 8:24 ` Jason Wang
2014-11-20 8:52 ` Gonglei [this message]
2014-11-20 9:31 ` Paolo Bonzini
2014-11-20 11:51 ` [Qemu-devel] [PATCH 0/4] net: fix high impact outstanding defects reported by Coverity Stefan Hajnoczi
2014-11-20 11:54 ` Gonglei