Date: Tue, 1 Apr 2014 18:22:51 +0300
From: "Michael S. Tsirkin"
Message-ID: <20140401152251.GC9260@redhat.com>
References: <1396275242-10810-1-git-send-email-mst@redhat.com> <1396275242-10810-16-git-send-email-mst@redhat.com> <20140401095153.GD2411@work-vm>
In-Reply-To:
Subject: Re: [Qemu-devel] [PATCH v4 15/30] stellaris_enet: avoid buffer overrun on incoming migration (part 3)
To: Peter Maydell
Cc: QEMU Developers, qemu-stable, "Dr. David Alan Gilbert", Michael Roth

On Tue, Apr 01, 2014 at 11:06:48AM +0100, Peter Maydell wrote:
> On 1 April 2014 10:51, Dr. David Alan Gilbert wrote:
> > So let's say that tx_frame_len is initially 2032 when written; 14 is added to it
> > at this point, and if the CRC flag is set then another 4. Thus it seems a user
> > can set the value in tx_frame_len to 2032+14+4=2050 - which is a bit worrying
> > given the buffer is only 2048 bytes.
>
> Yep, see my equivalent remarks in the other patch.
>
> Michael -- can we please squash these two patches into one?
> It's really hard to review the code for correctness when
> half the logic for dealing with the tx fifo is in a
> different patch...
>
> thanks
> -- PMM

Will do - part 1 as well?
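Added illustration of the bound discussed in the thread (this is not code from the QEMU patch series; the function names are hypothetical, while the 2048-byte buffer, the 14 header bytes and the 4 CRC bytes are the figures quoted above). It contrasts a check on the raw tx_frame_len with one that accounts for what the device adds, and uses a subtraction so an untrusted value near UINT32_MAX cannot wrap the comparison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sizes taken from the discussion above; the macro and function names
 * are hypothetical, not those of QEMU's stellaris_enet model. */
#define TX_FIFO_SIZE   2048u   /* bytes available in the tx buffer */
#define ETH_HDR_LEN    14u     /* added to tx_frame_len before the copy */
#define CRC_LEN        4u      /* added as well when the CRC flag is set */

/* Naive check: compares the migrated counter against the buffer size only.
 * It accepts 2032 even though the device will go on to write 2050 bytes. */
bool tx_frame_len_naive(uint32_t len)
{
    return len <= TX_FIFO_SIZE;
}

/* Post-load style check: the raw value must leave room for the header and
 * the optional CRC. Written as len <= SIZE - extra rather than
 * len + extra <= SIZE so that a huge untrusted len cannot wrap around. */
bool tx_frame_len_fits(uint32_t len, bool crc)
{
    uint32_t extra = ETH_HDR_LEN + (crc ? CRC_LEN : 0u);
    return len <= TX_FIFO_SIZE - extra;
}

int main(void)
{
    uint32_t len = 2032;   /* the value from the thread */
    printf("naive check accepts 2032:        %d\n", tx_frame_len_naive(len));
    printf("strict check (CRC set) accepts:  %d\n", tx_frame_len_fits(len, true));
    printf("strict check (no CRC) accepts:   %d\n", tx_frame_len_fits(len, false));
    return 0;
}
```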