Message ID | 1503283202-11909-2-git-send-email-trini@konsulko.com |
---|---|
State | Rejected |
Delegated to: | Joe Hershberger |
Headers | show |
On Sun, Aug 20, 2017 at 9:40 PM, Tom Rini <trini@konsulko.com> wrote: > In rpc_t we declare data to be a uint8_t of size 2048, for a final size > of 2048. We also however declare the reply part of the union to have a > uint32_t data field of NFS_READ_SIZE (1024) for a final size of > 4096+24=4120 and an overrun. Expand the comment above the struct to > note that if NFS_READ_SIZE is increased then the data buf must also be > increased and correct the declaration to be uint8_t. > > Reported-by: Coverity (CID: 152888) > Cc: Joe Hershberger <joe.hershberger@ni.com> > Signed-off-by: Tom Rini <trini@konsulko.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Hi Tom, On Sun, Aug 20, 2017 at 9:40 PM, Tom Rini <trini@konsulko.com> wrote: > In rpc_t we declare data to be a uint8_t of size 2048, for a final size > of 2048. We also however declare the reply part of the union to have a > uint32_t data field of NFS_READ_SIZE (1024) for a final size of > 4096+24=4120 and an overrun. Expand the comment above the struct to > note that if NFS_READ_SIZE is increased then the data buf must also be > increased and correct the declaration to be uint8_t. > > Reported-by: Coverity (CID: 152888) > Cc: Joe Hershberger <joe.hershberger@ni.com> > Signed-off-by: Tom Rini <trini@konsulko.com> This seems to be breaking one of the targets... https://travis-ci.org/jhershbe/u-boot/jobs/269330530 Thanks, -Joe
On Sun, Aug 20, 2017 at 9:40 PM, Tom Rini <trini@konsulko.com> wrote: > In rpc_t we declare data to be a uint8_t of size 2048, for a final size > of 2048. We also however declare the reply part of the union to have a > uint32_t data field of NFS_READ_SIZE (1024) for a final size of > 4096+24=4120 and an overrun. Expand the comment above the struct to > note that if NFS_READ_SIZE is increased then the data buf must also be > increased and correct the declaration to be uint8_t. > > Reported-by: Coverity (CID: 152888) > Cc: Joe Hershberger <joe.hershberger@ni.com> > Signed-off-by: Tom Rini <trini@konsulko.com> > --- > net/nfs.h | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/net/nfs.h b/net/nfs.h > index 1aa06e8fb90f..b23b4088d825 100644 > --- a/net/nfs.h > +++ b/net/nfs.h > @@ -39,8 +39,9 @@ > /* > * Block size used for NFS read accesses. A RPC reply packet (including all > * headers) must fit within a single Ethernet frame to avoid fragmentation. > - * However, if CONFIG_IP_DEFRAG is set, a bigger value could be used. In any > - * case, most NFS servers are optimized for a power of 2. > + * However, if CONFIG_IP_DEFRAG is set, a bigger value could be used, so long > + * as rpc_t->u->data is incrased to match. In any case, most NFS servers are > + * optimized for a power of 2. > */ > #define NFS_READ_SIZE 1024 /* biggest power of two that fits Ether frame */ > > @@ -73,7 +74,7 @@ struct rpc_t { > uint32_t verifier; > uint32_t v2; > uint32_t astatus; > - uint32_t data[NFS_READ_SIZE]; > + uint8_t data[NFS_READ_SIZE]; All of the pointer math would also need to be updated. Didn't notice that at first so, Nacked-by: Joe Hershberger <joe.hershberger@ni.com> > } reply; > } u; > } __attribute__((packed)); > -- > 1.9.1 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot
diff --git a/net/nfs.h b/net/nfs.h index 1aa06e8fb90f..b23b4088d825 100644 --- a/net/nfs.h +++ b/net/nfs.h @@ -39,8 +39,9 @@ /* * Block size used for NFS read accesses. A RPC reply packet (including all * headers) must fit within a single Ethernet frame to avoid fragmentation. - * However, if CONFIG_IP_DEFRAG is set, a bigger value could be used. In any - * case, most NFS servers are optimized for a power of 2. + * However, if CONFIG_IP_DEFRAG is set, a bigger value could be used, so long + * as rpc_t->u->data is incrased to match. In any case, most NFS servers are + * optimized for a power of 2. */ #define NFS_READ_SIZE 1024 /* biggest power of two that fits Ether frame */ @@ -73,7 +74,7 @@ struct rpc_t { uint32_t verifier; uint32_t v2; uint32_t astatus; - uint32_t data[NFS_READ_SIZE]; + uint8_t data[NFS_READ_SIZE]; } reply; } u; } __attribute__((packed));
In rpc_t we declare data to be a uint8_t of size 2048, for a final size of 2048. We also however declare the reply part of the union to have a uint32_t data field of NFS_READ_SIZE (1024) for a final size of 4096+24=4120 and an overrun. Expand the comment above the struct to note that if NFS_READ_SIZE is increased then the data buf must also be increased and correct the declaration to be uint8_t. Reported-by: Coverity (CID: 152888) Cc: Joe Hershberger <joe.hershberger@ni.com> Signed-off-by: Tom Rini <trini@konsulko.com> --- net/nfs.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)