Daniele Forsi [mailto:[email protected]] > Sent: Wednesday, August 20, 2014 8:01 PM > To: Hayes Wang > Cc: [email protected]; nic_swsd; > [email protected]; USB list > Subject: Re: [PATCH net-next 4/4] r8152: support firmware files [...] > > + start = le32_to_cpu(fw_header->fw_start); > > + if (start > fw->size) > > + goto out; > > since "start" is an offset in an array of size "fw->size" this should > check for ">=" and if a command is at least cmd(2 bytes) + length(2 > bytes), shouldn't this check for "start >= fw->size - 4"?
Is this necessary? Besides the check of the "start", there are checks of the "size" and rtl_fw_data_ok(). I think they cover the situations which you indicate. Best Regards, Hayes -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
