Thread: 7 messages, 3 authors, 2019-11-22

Re: [PATCH net,v2 1/2] hv_netvsc: Fix offset usage in netvsc_send_table()

From: Jakub Kicinski <hidden>
Date: 2019-11-22 01:04:03
Also in: linux-hyperv, lkml

On Fri, 22 Nov 2019 00:54:20 +0000, Haiyang Zhang wrote:
-	tab = (u32 *)((unsigned long)&nvmsg->msg.v5_msg.send_table +
-		      nvmsg->msg.v5_msg.send_table.offset);
+	if (offset > msglen - count * sizeof(u32)) {  
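Review bot: The new bound `offset > msglen - count * sizeof(u32)` can wrap, because `sizeof` makes the right-hand side unsigned: when msglen is smaller than count * sizeof(u32), the difference becomes a very large value and the comparison never rejects any offset. Rejecting `msglen < count * sizeof(u32)` before this comparison would make the check hold without relying on the length of the container message.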
Can't this underflow now? What if msglen is small?  
msglen came from the vmbus container message. We trust it to be big
enough for the data region.
Ok, it looked like it was read from some descriptor which could
potentially be controlled by "the other side" but I trust your
judgement :)

Both patches LGTM, then.
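
The wrap asked about in this thread, as an added example that is not part of the thread or of the hv_netvsc driver. The function names and the `uint32_t` types for `offset`, `msglen` and `count` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: the comparison in the shape quoted in the thread.
 * Returns true when the table would be rejected. */
static bool rejects_subtract_form(uint32_t offset, uint32_t msglen, uint32_t count)
{
    /* sizeof yields size_t, so the subtraction is unsigned and wraps to a
     * huge value whenever msglen < count * sizeof(uint32_t). */
    return offset > msglen - count * sizeof(uint32_t);
}

/* Hypothetical helper: same bound, but the table size is compared against
 * the message length first, so the later subtraction cannot wrap. */
static bool rejects_wrap_free(uint32_t offset, uint32_t msglen, uint32_t count)
{
    size_t len = msglen;

    if (count > len / sizeof(uint32_t))
        return true;    /* the table alone does not fit in the message */
    return offset > len - count * sizeof(uint32_t);
}

int main(void)
{
    /* Constructed sample values: {offset, msglen, count}. */
    static const uint32_t cases[][3] = {
        { 12, 100, 16 },    /* table fits: bytes 12..75 of 100 */
        { 40, 100, 16 },    /* table runs past the end of the message */
        { 12,  16, 16 },    /* message shorter than the table itself */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("offset=%u msglen=%u count=%u subtract_form=%s wrap_free=%s\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1], (unsigned)cases[i][2],
               rejects_subtract_form(cases[i][0], cases[i][1], cases[i][2]) ? "reject" : "accept",
               rejects_wrap_free(cases[i][0], cases[i][1], cases[i][2]) ? "reject" : "accept");
    return 0;
}
```

The two forms agree whenever the message is at least as long as the table; they differ only in the third case, where the short message makes the subtraction wrap.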