From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42482) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmhqb-0002PM-9y for qemu-devel@nongnu.org; Wed, 21 Sep 2016 09:46:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bmhqX-0000rW-73 for qemu-devel@nongnu.org; Wed, 21 Sep 2016 09:46:00 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40528) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmhqX-0000rI-0t for qemu-devel@nongnu.org; Wed, 21 Sep 2016 09:45:57 -0400 From: P J P Date: Wed, 21 Sep 2016 19:15:47 +0530 Message-Id: <1474465547-31638-1-git-send-email-ppandit@redhat.com> Subject: [Qemu-devel] [PATCH] net: mcf: check buffer descriptor length List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Qemu Developers Cc: Jason Wang , Li Qiang , Prasad J Pandit From: Prasad J Pandit ColdFire Fast Ethernet Controller uses buffer descriptors to manage data flow to/fro receive & transmit queues. While transmitting packets, it could continue to read buffer descriptors if a buffer descriptor has length of zero. Add check to avoid it. Reported-by: Li Qiang Signed-off-by: Prasad J Pandit --- hw/net/mcf_fec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c index 7c0398e..f193e15 100644 --- a/hw/net/mcf_fec.c +++ b/hw/net/mcf_fec.c @@ -161,7 +161,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) mcf_fec_read_bd(&bd, addr); DPRINTF("tx_bd %x flags %04x len %d data %08x\n", addr, bd.flags, bd.length, bd.data); - if ((bd.flags & FEC_BD_R) == 0) { + if (!bd.length || (bd.flags & FEC_BD_R) == 0) { /* Run out of descriptors to transmit. */ break; } -- 2.5.5