Daniele Forsi [mailto:dforsi@xxxxxxxxx]
> Sent: Wednesday, August 20, 2014 8:01 PM
> To: Hayes Wang
> Cc: netdev@xxxxxxxxxxxxxxx; nic_swsd;
> linux-kernel@xxxxxxxxxxxxxxx; USB list
> Subject: Re: [PATCH net-next 4/4] r8152: support firmware files
[...]
> > + start = le32_to_cpu(fw_header->fw_start);
> > + if (start > fw->size)
> > + goto out;
>
> since "start" is an offset in an array of size "fw->size" this should
> check for ">=" and if a command is at least cmd(2 bytes) + length(2
> bytes), shouldn't this check for "start >= fw->size - 4"?

Is this necessary? Besides the check of the "start", there are checks
of the "size" and rtl_fw_data_ok(). I think they cover the situations
which you indicate.

Best Regards,
Hayes
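
Review bot: the bound check `if (start > fw->size)` accepts `start == fw->size`, which is already one past the last valid offset in a buffer of `fw->size` bytes, and `start` comes straight from the firmware file header via `le32_to_cpu(fw_header->fw_start)`, so it is untrusted input. The check should reject any offset that does not leave room for the smallest record parsed at `start`. If it is written as a subtraction such as `fw->size - 4`, it should first confirm `fw->size` is at least 4, because `fw->size` is unsigned and the subtraction would otherwise wrap. If the intent is to rely on the later size checks and rtl_fw_data_ok() for this, a comment at this check saying so would keep the dependency visible to whoever changes those functions later.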