Re: [Qemu-devel] [PATCH v2 3/9] ccid-card-passthru: Assert on a stricter
From: Marc-André Lureau
Subject: Re: [Qemu-devel] [PATCH v2 3/9] ccid-card-passthru: Assert on a stricter expression
Date: Fri, 15 Feb 2019 12:15:47 +0100
Hi
On Thu, Feb 14, 2019 at 9:20 PM Philippe Mathieu-Daudé
<address@hidden> wrote:
>
> Suggested-by: Paolo Bonzini <address@hidden>
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
> hw/usb/ccid-card-passthru.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
> index 1676b5fc05..0c44b38fc2 100644
> --- a/hw/usb/ccid-card-passthru.c
> +++ b/hw/usb/ccid-card-passthru.c
> @@ -270,7 +270,7 @@ static void ccid_card_vscard_read(void *opaque, const
> uint8_t *buf, int size)
> VSCMsgHeader *hdr;
>
> assert(size <= VSCARD_IN_SIZE - card->vscard_in_pos);
> - assert(card->vscard_in_hdr < VSCARD_IN_SIZE);
> + assert(card->vscard_in_hdr < card->vscard_in_pos);
I think you need "<=".
card->vscard_in_hdr is updated in the loop and may reach card->vscard_in_pos:
    while ((card->vscard_in_pos - card->vscard_in_hdr >= sizeof(VSCMsgHeader))
           && (card->vscard_in_pos - card->vscard_in_hdr >=
               sizeof(VSCMsgHeader) + ntohl(hdr->length))) {
        ...
        card->vscard_in_hdr += hdr->length + sizeof(VSCMsgHeader);
        ...
    }
If "hdr->length + sizeof(VSCMsgHeader)" == "card->vscard_in_pos -
card->vscard_in_hdr", card->vscard_in_hdr == card->vscard_in_pos after
the loop.
I think the existing assert() could also stay.
> memcpy(card->vscard_in_data + card->vscard_in_pos, buf, size);
> card->vscard_in_pos += size;
> hdr = (VSCMsgHeader *)(card->vscard_in_data + card->vscard_in_hdr);
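Review bot: the new assert(card->vscard_in_hdr < card->vscard_in_pos) runs before the memcpy() and the "card->vscard_in_pos += size" in the trailing context, so it tests the offsets left by the previous call; whenever no unparsed bytes are pending at entry the two offsets are equal and the strict "<" aborts the process on a consistent state. Use "<=" here. Dropping "card->vscard_in_hdr < VSCARD_IN_SIZE" also removes the only direct bound on the offset used in "card->vscard_in_data + card->vscard_in_hdr"; that bound then holds only transitively through the first assert, so keeping both makes it explicit. The commit message has no body; one sentence stating the invariant between vscard_in_hdr and vscard_in_pos would let a reader check the assertion against it.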
> --
> 2.20.1
>
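The boundary case raised in the reply above, as an added example that is not part of the original message or of QEMU's code: a reduced model of the buffer bookkeeping in which a message that arrives whole leaves the header offset equal to the write position. IN_SIZE, the MsgHeader layout, Card and all function names are assumptions made for this model.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IN_SIZE 64 /* assumed small stand-in for VSCARD_IN_SIZE */

/* Assumed header layout for this model; length is in network byte order. */
typedef struct { uint32_t type, reader_id, length; } MsgHeader;
typedef struct {
    uint8_t data[IN_SIZE];
    uint32_t in_pos, in_hdr; /* model vscard_in_pos and vscard_in_hdr */
} Card;

/* The two entry checks under discussion, as predicates instead of assert(). */
int strict_ok(const Card *c) { return c->in_hdr < c->in_pos; }
int nonstrict_ok(const Card *c) { return c->in_hdr <= c->in_pos; }

/* Append size bytes, then consume complete messages; -1 if they do not fit. */
int card_read(Card *c, const uint8_t *buf, uint32_t size)
{
    MsgHeader hdr;
    int consumed = 0;
    if (size > IN_SIZE - c->in_pos) return -1;
    memcpy(c->data + c->in_pos, buf, size);
    c->in_pos += size;
    while (c->in_pos - c->in_hdr >= sizeof(hdr)) {
        memcpy(&hdr, c->data + c->in_hdr, sizeof(hdr));
        uint32_t len = ntohl(hdr.length);
        if (c->in_pos - c->in_hdr - sizeof(hdr) < len) break; /* payload incomplete */
        c->in_hdr += len + sizeof(hdr);
        consumed++;
    }
    return consumed;
}

/* Constructed input: one message with a 4-byte payload; feed its first n (<= 16) bytes. */
int feed_prefix(Card *c, uint32_t n)
{
    uint8_t msg[sizeof(MsgHeader) + 4] = {0};
    MsgHeader h = { htonl(1), htonl(0), htonl(4) };
    memcpy(msg, &h, sizeof(h));
    return card_read(c, msg, n);
}

int main(void)
{
    Card c = {0};
    feed_prefix(&c, 16); /* the whole message arrives in one read */
    printf("in_hdr=%u in_pos=%u strict=%d\n", c.in_hdr, c.in_pos, strict_ok(&c));
    return 0;
}
```

A partial delivery (for example 14 of the 16 bytes) leaves in_hdr below in_pos, which is the only state the strict form accepts.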
- [Qemu-devel] [PATCH v2 0/9] ccid-card-passthru: check buffer size parameter, Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 1/9] ccid-card-passthru: Move assertion in read() to can_read(), Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 2/9] ccid-card-passthru: Replace never trigger if statement by an assertion, Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 3/9] ccid-card-passthru: Assert on a stricter expression, Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 4/9] ccid-card-passthru: Let the chardev::read() be more generic, Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 5/9] ccid-card-passthru: Replace assert() by QEMU_BUILD_BUG_ON(), Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 7/9] ccid-card-passthru: Use QERR_MISSING_PARAMETER, Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 6/9] ccid-card-passthru: Simplify the if() condition, Philippe Mathieu-Daudé, 2019/02/14
- [Qemu-devel] [PATCH v2 9/9] ccid-card-passthru: Use size_t for index, Philippe Mathieu-Daudé, 2019/02/14