[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [PATCH v4 15/30] stellaris_enet: avoid buffer orerrun
|
From: |
Peter Maydell |
|
Subject: |
Re: [Qemu-stable] [PATCH v4 15/30] stellaris_enet: avoid buffer orerrun on incoming migration (part 3) |
|
Date: |
Tue, 1 Apr 2014 11:06:48 +0100 |
On 1 April 2014 10:51, Dr. David Alan Gilbert <address@hidden> wrote:
> So lets say that tx_frame_len is initially 2032 when written; 14 is added to
> it
> at this point, and if the CRC flag is set then another 4. Thus it seems a
> user
> can set the value in tx_frame_len to 2032+14+4=2050 - which is a bit worrying
> given the buffer is only 2048 bytes.
Yep, see my equivalent remarks in the other patch.
Michael -- can we please squash these two patches into one?
It's really hard to review the code for correctness when
half the logic for dealing with the tx fifo is in a
different patch...
thanks
-- PMM