From: Gonglei <arei.gonglei@huawei.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"stefanha@redhat.com" <stefanha@redhat.com>,
"Huangpeng (Peter)" <peter.huangpeng@huawei.com>
Subject: Re: [Qemu-devel] [PATCH 3/4] pcnet: fix Negative array index read
Date: Thu, 20 Nov 2014 15:38:59 +0800
Message-ID: <546D9A93.5000706@huawei.com>
In-Reply-To: <546D9380.2050606@redhat.com>

On 2014/11/20 15:08, Paolo Bonzini wrote:
>
>
> On 20/11/2014 07:44, Gonglei wrote:
>> Maybe not, since two branch are "if and else if" not "if and else",
>> so this change make the below code segment's wide ...
>>>> bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
>>>> s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
>>>> s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
>>>> s->xmit_pos += bcnt;
>> ... more extensive.
>
> After your patch that fixes the coverity report, they are
>
> if (a && b)
> else if (b)
>
> so you can change it to
>
> if (!b) goto txdone;
> if (a) ...
> else ...
>
> and then
>
> if (!b) goto txdone;
> <common part>
> if (!a) {
> <extra part from else>
> }
>
> Paolo

I know what you mean now, thanks ;)
What about the way below? Maybe it is clearer.

    if (s->xmit_pos < 0) {
        goto txdone;
    }
    int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
    s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
                     s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
    s->xmit_pos += bcnt;
    if (!GET_FIELD(tmd.status, TMDS, ENP)) {
        goto txdone;
    }
#ifdef PCNET_DEBUG
    printf("pcnet_transmit size=%d\n", s->xmit_pos);
#endif
    if (CSR_LOOP(s)) {
        if (BCR_SWSTYLE(s) == 1)
            add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
        s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
        pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos);
        s->looptest = 0;
    } else
        if (s->nic)
            qemu_send_packet(qemu_get_queue(s->nic), s->buffer,
                             s->xmit_pos);
    s->csr[0] &= ~0x0008; /* clear TDMD */
    s->csr[4] |= 0x0004; /* set TXSTRT */
    s->xmit_pos = -1;
txdone:

Best regards,
-Gonglei
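
Added example, not part of the original message and not QEMU code: a self-contained model of the control flow discussed in this thread (sentinel guard first, then the common copy, then the end-of-packet part). The struct and function names, the start-of-packet flag and the upper bound check are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 4096

struct frag {                /* one transmit descriptor (simplified) */
    const uint8_t *data;     /* stands in for guest memory at tmd.tbadr */
    int bcnt, stp, enp;      /* byte count, start-of-packet, end-of-packet */
};

struct nic {
    uint8_t buffer[BUF_SIZE];
    int xmit_pos;            /* -1: no packet in progress */
    int sent_len, sent_count;
};

/* Returns 1 if the fragment was copied, 0 if it was dropped. */
static int transmit_frag(struct nic *s, const struct frag *f)
{
    if (f->stp) {
        s->xmit_pos = 0;     /* a start-of-packet descriptor opens a packet */
    }
    if (s->xmit_pos < 0) {   /* guard first: never index with the sentinel */
        return 0;
    }
    /* Upper bound check: an assumption of this model, not from the thread. */
    if (f->bcnt < 0 || f->bcnt > BUF_SIZE - s->xmit_pos) {
        s->xmit_pos = -1;
        return 0;
    }
    memcpy(s->buffer + s->xmit_pos, f->data, (size_t)f->bcnt);  /* common part */
    s->xmit_pos += f->bcnt;
    if (!f->enp) {
        return 1;            /* more fragments follow */
    }
    s->sent_len = s->xmit_pos;   /* extra part: hand the packet over */
    s->sent_count++;
    s->xmit_pos = -1;
    return 1;
}

int main(void)
{
    static const uint8_t payload[3] = { 1, 2, 3 };   /* constructed input */
    struct nic s = { .xmit_pos = -1 };
    struct frag stray = { payload, 3, 0, 1 };        /* ENP without a start */
    printf("stray copied=%d\n", transmit_frag(&s, &stray));
    return 0;
}
```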