From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=59871 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PFkXP-00009N-6v for qemu-devel@nongnu.org; Tue, 09 Nov 2010 04:31:59 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PFkWc-0000Gm-W7 for qemu-devel@nongnu.org; Tue, 09 Nov 2010 04:30:47 -0500 Received: from mail-vw0-f45.google.com ([209.85.212.45]:64977) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PFkWc-0000GS-Tx for qemu-devel@nongnu.org; Tue, 09 Nov 2010 04:29:58 -0500 Received: by vws4 with SMTP id 4so3084758vws.4 for ; Tue, 09 Nov 2010 01:29:58 -0800 (PST) Sender: Paolo Bonzini Message-ID: <4CD91492.6070404@redhat.com> Date: Tue, 09 Nov 2010 10:29:54 +0100 From: Paolo Bonzini MIME-Version: 1.0 References: <20101109073653.GF9036@redhat.com> In-Reply-To: <20101109073653.GF9036@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Qemu-devel] Re: [PATCH] Out off array access in usb-net List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Gleb Natapov Cc: qemu-devel@nongnu.org On 11/09/2010 08:36 AM, Gleb Natapov wrote: > Properly check array bounds before accessing array element. > > Signed-off-by: Gleb Natapov > diff --git a/hw/usb-net.c b/hw/usb-net.c > index 70f9263..84e2d79 100644 > --- a/hw/usb-net.c > +++ b/hw/usb-net.c > @@ -1142,7 +1142,7 @@ static int usb_net_handle_control(USBDevice *dev, int request, int value, > break; > > default: > - if (usb_net_stringtable[value& 0xff]) { > + if (ARRAY_SIZE(usb_net_stringtable)> (value& 0xff)) { > ret = set_usb_string(data, > usb_net_stringtable[value& 0xff]); > break; > -- > Gleb. > Reviewed-by: Paolo Bonzini Paolo