From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41923) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XrO5G-0005RF-Bd for qemu-devel@nongnu.org; Thu, 20 Nov 2014 04:31:35 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XrO57-0003ZN-B0 for qemu-devel@nongnu.org; Thu, 20 Nov 2014 04:31:26 -0500 Received: from mail-wi0-x235.google.com ([2a00:1450:400c:c05::235]:38714) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XrO57-0003Z4-3a for qemu-devel@nongnu.org; Thu, 20 Nov 2014 04:31:17 -0500 Received: by mail-wi0-f181.google.com with SMTP id r20so4649775wiv.8 for ; Thu, 20 Nov 2014 01:31:16 -0800 (PST) Sender: Paolo Bonzini Message-ID: <546DB4DF.5030706@redhat.com> Date: Thu, 20 Nov 2014 10:31:11 +0100 From: Paolo Bonzini MIME-Version: 1.0 References: <1416463034-8264-1-git-send-email-arei.gonglei@huawei.com> <1416463034-8264-5-git-send-email-arei.gonglei@huawei.com> <546D8A48.8040502@redhat.com> <546D905A.5020306@redhat.com> <546D9449.5020107@huawei.com> <546D9D50.4000500@redhat.com> <546DA0B5.3020705@huawei.com> <546DA23A.9040807@redhat.com> <546DA3DF.5080809@huawei.com> <546DA53E.7010106@redhat.com> In-Reply-To: <546DA53E.7010106@redhat.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside scope List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jason Wang , Gonglei Cc: "qemu-devel@nongnu.org" , "stefanha@redhat.com" , "Huangpeng (Peter)" On 20/11/2014 09:24, Jason Wang wrote: > On 11/20/2014 04:18 PM, Gonglei wrote: >> On 2014/11/20 16:11, Jason Wang wrote: >> >>> On 11/20/2014 04:05 PM, Gonglei wrote: >>>> On 2014/11/20 15:50, Jason Wang wrote: >>>> >>>>>>> Maybe just initialize iov unconditionally at the beginning and check >>>>>>>>> dot1q_buf instead of iov for the rest of the functions. (Need deal with >>>>>>>>> size < ETHER_ADDR_LEN * 2) >>>>>>> More complicated, because we can't initialize iov when >>>>>>> "size < ETHER_ADDR_LEN * 2". >>>>>>> >>>>>>> Best regards, >>>>>>> -Gonglei >>>>>>> >>>>> Probably not: you can just do something like: >>>>> >>>>> if (dot1q_buf && size < ETHER_ADDR_LEN * 2) { >>>>> dot1q_buf = NULL; >>>>> } >>>>> >>>>> and check dot1q_buf afterwards. Or just drop the packet since its size >>>>> was less than mininum frame length that Ethernet allows. >>>> Sorry, I don't understand. But, >>>> what's your meaning "initialize iov unconditionally at the beginning"? >>> Something like: >>> >>> @@ -1774,7 +1774,12 @@ static uint32_t >>> rtl8139_RxConfig_read(RTL8139State *s) >>> static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size, >>> int do_interrupt, const uint8_t *dot1q_buf) >>> { >>> - struct iovec *iov = NULL; >>> + struct iovec iov[3] = { >>> + { .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 }, >>> + { .iov_base = (void *) dot1q_buf, .iov_len = VLAN_HLEN }, >>> + { .iov_base = buf + ETHER_ADDR_LEN * 2, >>> + .iov_len = size - ETHER_ADDR_LEN * 2 }, >>> + }; >>> >>> and assign dot1q_buf to NULL is size is not ok. >>> >> If "size < ETHER_ADDR_LEN * 2", .iov_len = size - ETHER_ADDR_LEN * 2 will be >> negative value; >> and if dot1q_buf is NULL, .iov_base = (void *) dot1q_buf will be NULL too. Any side-effect? > > Then you need check dot1q_buf instead of iov after. Iov won't be used if > dot1q_buf is NULL. Or just ignore the rules and use an initializer in the middle of the code: if (size < ETHER_ADDR_LEN * 2) { dot1q_buf = NULL; } struct iovec iov[3] = { ... }; and then check dot1q_buf instead of iov. Plenty of choices, choose your favorite. Paolo