From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35887)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1YWP48-0000KS-Rb
	for qemu-devel@nongnu.org; Fri, 13 Mar 2015 08:51:52 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1YWP47-0001HE-Np
	for qemu-devel@nongnu.org; Fri, 13 Mar 2015 08:51:48 -0400
Message-ID: <5502DD56.6080103@redhat.com>
Date: Fri, 13 Mar 2015 13:51:34 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com>
In-Reply-To: <1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] hw/net/e1000: fix integer endianness
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Shannon Zhao <zhaoshenglong@huawei.com>, qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, hangaohuai@huawei.com, qemu-trivial@nongnu.org, mjt@tls.msk.ru, peter.huangpeng@huawei.com, shannon.zhao@linaro.org, Stefan Hajnoczi <stefanha@redhat.com>



On 13/03/2015 06:21, Shannon Zhao wrote:
> It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is
> unsigned int but is dereferenced as a narrower unsigned short.
> This may lead to unexpected results depending on machine
> endianness.

Sounds good.  CCing Stefan, net/ maintainer.

> Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
> ---
>  hw/net/e1000.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/net/e1000.c b/hw/net/e1000.c
> index a207e21..59d73cd 100644
> --- a/hw/net/e1000.c
> +++ b/hw/net/e1000.c
> @@ -578,7 +578,7 @@ static inline int
>  is_vlan_packet(E1000State *s, const uint8_t *buf)
>  {
>      return (be16_to_cpup((uint16_t *)(buf + 12)) ==
> -                le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
> +                le16_to_cpu(s->mac_reg[VET]));
>  }
>  
>  static inline int
> @@ -711,7 +711,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
>          (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
>          tp->vlan_needed = 1;
>          stw_be_p(tp->vlan_header,
> -                      le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
> +                      le16_to_cpu(s->mac_reg[VET]));
>          stw_be_p(tp->vlan_header + 2,
>                        le16_to_cpu(dp->upper.fields.special));
>      }
>