From: Gerd Hoffmann
Date: Tue, 01 Apr 2014 08:23:01 +0200
Subject: Re: [Qemu-devel] [PATCH v4 24/30] usb: sanity check setup_index+setup_len in post_load
To: Peter Maydell
Cc: Michael Roth, qemu-stable, QEMU Developers, Dave Gilbert, "Michael S. Tsirkin"
Message-ID: <1396333381.17363.3.camel@nilsson.home.kraxel.org>
References: <1396275242-10810-1-git-send-email-mst@redhat.com> <1396275242-10810-25-git-send-email-mst@redhat.com>

> > + if (dev->setup_index >= sizeof(dev->data_buf) ||
> > + dev->setup_len >= sizeof(dev->data_buf)) {
> > + return -EINVAL;
> > + }
> > return 0;
> > }
>
> (2) Shouldn't we be checking for setup_index and setup_len
> being negative as well?

Oops, they are signed, so yes, I guess we should.

Or we can just make them unsigned, they should never ever be negative.
But I'm not fully sure we can do that without breaking migration ...

cheers,
  Gerd
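Review bot: the two comparisons against sizeof(dev->data_buf) in the quoted hunk do reject negative setup_index and setup_len values, but only because the signed int operand is converted to size_t for the comparison (-1 becomes SIZE_MAX); with both fields signed, as the reply confirms, that protection is implicit and -Wsign-compare will flag it. Suggest adding explicit checks ahead of the size comparison so the intent is visible and survives a later type change, e.g. `if (dev->setup_index < 0 || dev->setup_len < 0) { return -EINVAL; }`. Two further points on the same lines: `dev->setup_len >= sizeof(dev->data_buf)` rejects a setup_len equal to the buffer size, so if a full data_buf is a valid state, `>` is the right bound for the length; and nothing relates setup_index to setup_len, so an index beyond the received length still passes post_load.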
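As an added illustration of the checks discussed in this thread (example code written for this page, not QEMU's own post_load code): `usb_state`, `post_load_check_implicit` and `post_load_check_explicit` are hypothetical stand-ins for USBDevice and its post_load hook, and the 4096-byte buffer is an assumed size. The first checker is in the form of the quoted hunk; the second tests the sign, the upper bound and the index/length relationship explicitly, so the two can be run side by side on constructed migrated values, including the negative ones Peter asked about.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical stand-in for the migrated USB device state (not QEMU's
 * USBDevice): only the three fields discussed in the thread are modelled,
 * and the buffer size is an assumed value.
 */
typedef struct {
    int setup_index;              /* signed, as in the thread */
    int setup_len;                /* signed, as in the thread */
    unsigned char data_buf[4096]; /* assumed size */
} usb_state;

/*
 * The check in the form the quoted hunk uses.  sizeof() is a size_t, so the
 * signed ints are converted to unsigned for the comparison: a negative value
 * turns into a huge one and is rejected, but only through that implicit
 * conversion (which -Wsign-compare flags).  A setup_len equal to the buffer
 * size is rejected too, and the index is never related to the length.
 */
int post_load_check_implicit(const usb_state *dev)
{
    if (dev->setup_index >= sizeof(dev->data_buf) ||
        dev->setup_len >= sizeof(dev->data_buf)) {
        return -EINVAL;
    }
    return 0;
}

/*
 * Explicit version: reject negative values by name, allow a full buffer,
 * and require the index to stay within the length that was received.
 */
int post_load_check_explicit(const usb_state *dev)
{
    if (dev->setup_index < 0 || dev->setup_len < 0) {
        return -EINVAL;
    }
    if ((size_t)dev->setup_len > sizeof(dev->data_buf)) {
        return -EINVAL;
    }
    if (dev->setup_index > dev->setup_len) {
        return -EINVAL;
    }
    return 0;
}

/* Build a state from two untrusted (migrated) values and run one checker. */
int check_implicit(int setup_index, int setup_len)
{
    usb_state dev = {0};
    dev.setup_index = setup_index;
    dev.setup_len = setup_len;
    return post_load_check_implicit(&dev);
}

int check_explicit(int setup_index, int setup_len)
{
    usb_state dev = {0};
    dev.setup_index = setup_index;
    dev.setup_len = setup_len;
    return post_load_check_explicit(&dev);
}

int main(void)
{
    /* Constructed test vectors: {setup_index, setup_len}. */
    static const int cases[][2] = {
        {0, 8},     /* ordinary in-progress transfer */
        {-1, 8},    /* negative index */
        {0, -5},    /* negative length */
        {0, 4096},  /* full buffer */
        {4000, 8},  /* index past the received length */
        {0, 5000},  /* length past the buffer */
    };
    size_t n = sizeof(cases) / sizeof(cases[0]);
    for (size_t i = 0; i < n; i++) {
        int idx = cases[i][0], len = cases[i][1];
        printf("index=%5d len=%5d  implicit=%s  explicit=%s\n", idx, len,
               check_implicit(idx, len) == 0 ? "ok    " : "EINVAL",
               check_explicit(idx, len) == 0 ? "ok    " : "EINVAL");
    }
    return 0;
}
```

Running it shows the two checkers disagree on exactly the cases the thread is about: both reject the negative values (the implicit one by way of the unsigned conversion), but only the explicit checker accepts a full buffer and only the explicit checker rejects an index that runs past the received length.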