| Message ID | 1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com |
|---|---|
| State | New |
| Headers | show |
On 13/03/2015 06:21, Shannon Zhao wrote: > It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is > unsigned int but is dereferenced as a narrower unsigned short. > This may lead to unexpected results depending on machine > endianness. Sounds good. CCing Stefan, net/ maintainer. > Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> > Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> > --- > hw/net/e1000.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/net/e1000.c b/hw/net/e1000.c > index a207e21..59d73cd 100644 > --- a/hw/net/e1000.c > +++ b/hw/net/e1000.c > @@ -578,7 +578,7 @@ static inline int > is_vlan_packet(E1000State *s, const uint8_t *buf) > { > return (be16_to_cpup((uint16_t *)(buf + 12)) == > - le16_to_cpup((uint16_t *)(s->mac_reg + VET))); > + le16_to_cpu(s->mac_reg[VET])); > } > > static inline int > @@ -711,7 +711,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) > (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) { > tp->vlan_needed = 1; > stw_be_p(tp->vlan_header, > - le16_to_cpup((uint16_t *)(s->mac_reg + VET))); > + le16_to_cpu(s->mac_reg[VET])); > stw_be_p(tp->vlan_header + 2, > le16_to_cpu(dp->upper.fields.special)); > } >
On Fri, Mar 13, 2015 at 01:21:59PM +0800, Shannon Zhao wrote: > It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is > unsigned int but is dereferenced as a narrower unsigned short. > This may lead to unexpected results depending on machine > endianness. > > Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> > Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> > --- > hw/net/e1000.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Thanks, applied to my net tree: https://github.com/stefanha/qemu/commits/net Stefan
On 2015/3/18 1:05, Stefan Hajnoczi wrote: > On Fri, Mar 13, 2015 at 01:21:59PM +0800, Shannon Zhao wrote: >> It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is >> unsigned int but is dereferenced as a narrower unsigned short. >> This may lead to unexpected results depending on machine >> endianness. >> >> Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> >> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> >> --- >> hw/net/e1000.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > Thanks, applied to my net tree: > https://github.com/stefanha/qemu/commits/net > Thanks :-) Shannon
diff --git a/hw/net/e1000.c b/hw/net/e1000.c index a207e21..59d73cd 100644 --- a/hw/net/e1000.c +++ b/hw/net/e1000.c @@ -578,7 +578,7 @@ static inline int is_vlan_packet(E1000State *s, const uint8_t *buf) { return (be16_to_cpup((uint16_t *)(buf + 12)) == - le16_to_cpup((uint16_t *)(s->mac_reg + VET))); + le16_to_cpu(s->mac_reg[VET])); } static inline int @@ -711,7 +711,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) { tp->vlan_needed = 1; stw_be_p(tp->vlan_header, - le16_to_cpup((uint16_t *)(s->mac_reg + VET))); + le16_to_cpu(s->mac_reg[VET])); stw_be_p(tp->vlan_header + 2, le16_to_cpu(dp->upper.fields.special)); }