qemu-devel
Re: [PATCH] hw/net: Fix read of uninitialized memory in imx_fec.


From: Cédric Le Goater
Subject: Re: [PATCH] hw/net: Fix read of uninitialized memory in imx_fec.
Date: Thu, 5 Jan 2023 17:46:04 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0

On 1/5/23 16:33, Peter Maydell wrote:
> On Wed, 21 Dec 2022 at 18:32, Stephen Longfield <slongfield@google.com> wrote:
>>
>> Size is used at lines 1088/1188 for the loop, which reads the last 4
>> bytes from the crc_ptr so it does need to get increased, however it
>> shouldn't be increased before the buffer is passed to CRC computation,
>> or the crc32 function will access uninitialized memory.
>>
>> This was pointed out to me by clg@kaod.org during the code review of
>> a similar patch to hw/net/ftgmac100.c
>>
>> Change-Id: Ib0464303b191af1e28abeb2f5105eb25aadb5e9b
>> Signed-off-by: Stephen Longfield <slongfield@google.com>
>> Reviewed-by: Patrick Venture <venture@google.com>
>
> Applied to target-arm.next, thanks.

Did you take the ftgmac100 also?

> (Looking at other ethernet device models we do indeed want to crc
> just the packet, not "packet plus 4 0 bytes" or something.)

(There are some Coverity issues in that area)

C.
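
The ordering problem described in the quoted commit message, as an added example that is not part of the original thread and is not QEMU's code: growing the size by 4 before the CRC call makes the checksum cover bytes that follow the frame. The function names, the 9-byte sample frame and the in-bounds fill bytes are constructed for illustration, and a small bitwise CRC-32 stands in for the crc32 function the device model calls.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Wrong ordering: size already counts the 4 FCS bytes when the CRC runs. */
static uint32_t fcs_size_first(const uint8_t *buf, size_t size)
{
    size += 4;
    return crc32_ieee(buf, size);   /* reads 4 bytes past the frame */
}

/* Corrected ordering: CRC over the frame only, then account for the FCS. */
static uint32_t fcs_crc_first(const uint8_t *buf, size_t size, size_t *total)
{
    uint32_t crc = crc32_ieee(buf, size);
    *total = size + 4;
    return crc;
}

/* Constructed input: 9-byte frame plus 4 bytes of `fill` standing in for
 * whatever memory follows the packet (kept in bounds for this demo). */
static uint32_t fcs_with_tail(uint8_t fill, int size_first)
{
    uint8_t backing[9 + 4];
    size_t total;
    memcpy(backing, "123456789", 9);
    memset(backing + 9, fill, 4);
    return size_first ? fcs_size_first(backing, 9)
                      : fcs_crc_first(backing, 9, &total);
}

int main(void)
{
    printf("crc first : %08x %08x\n", fcs_with_tail(0x00, 0), fcs_with_tail(0xAA, 0));
    printf("size first: %08x %08x\n", fcs_with_tail(0x00, 1), fcs_with_tail(0xAA, 1));
    return 0;
}
```

With the CRC taken first, both runs give the standard CRC-32 check value for "123456789"; with the size grown first, the result follows the fill bytes.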
