From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42228) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmhqJ-0002BY-Q9 for qemu-devel@nongnu.org; Wed, 21 Sep 2016 09:45:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bmhqG-0000hq-IU for qemu-devel@nongnu.org; Wed, 21 Sep 2016 09:45:43 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46610) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmhqG-0000h8-BQ for qemu-devel@nongnu.org; Wed, 21 Sep 2016 09:45:40 -0400 From: P J P Date: Wed, 21 Sep 2016 19:15:25 +0530 Message-Id: <1474465525-31581-1-git-send-email-ppandit@redhat.com> Subject: [Qemu-devel] [PATCH for v2.6.0] net: imx: check buffer descriptor length List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Qemu Developers Cc: Jason Wang , Li Qiang , Prasad J Pandit From: Prasad J Pandit i.MX Fast Ethernet Controller uses buffer descriptors to manage data flow to/fro receive & transmit queues. While transmitting packets, it could continue to read buffer descriptors if a buffer descriptor has length of zero. Add check to avoid it. Reported-by: Li Qiang Signed-off-by: Prasad J Pandit --- hw/net/imx_fec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c index e60e338..31870b0 100644 --- a/hw/net/imx_fec.c +++ b/hw/net/imx_fec.c @@ -276,7 +276,7 @@ static void imx_fec_do_tx(IMXFECState *s) imx_fec_read_bd(&bd, addr); FEC_PRINTF("tx_bd %x flags %04x len %d data %08x\n", addr, bd.flags, bd.length, bd.data); - if ((bd.flags & FEC_BD_R) == 0) { + if (!bd.length || (bd.flags & FEC_BD_R) == 0) { /* Run out of descriptors to transmit. */ break; } -- 2.5.5
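Review bot: In the changed condition in imx_fec_do_tx(), `!bd.length` now shares the branch whose comment still reads "Run out of descriptors to transmit.", which does not describe a descriptor that has FEC_BD_R set but a length of zero. Suggest either giving the zero-length case its own `if` with a comment saying it is a malformed guest-supplied descriptor and that the break is there to stop the descriptor walk, or rewording the existing comment to cover both conditions. In the lines shown, the break is taken right after imx_fec_read_bd() and the FEC_PRINTF, before any update to bd.flags, so it would also help for the commit message to state what the guest is expected to observe for a ready-but-empty descriptor (left marked ready, or skipped), and whether stopping the whole transmit pass is the intended behaviour rather than skipping that one descriptor.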