hw/9pfs/9p.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
Only one comparison between nwnames and P9_MAXWELEM is required.
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
---
hw/9pfs/9p.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 0fa776af09..89aa07db78 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1739,7 +1739,11 @@ static void coroutine_fn v9fs_walk(void *opaque)
trace_v9fs_walk(pdu->tag, pdu->id, fid, newfid, nwnames);
- if (nwnames && nwnames <= P9_MAXWELEM) {
+ if (nwnames > P9_MAXWELEM) {
+ err = -EINVAL;
+ goto out_nofid;
+ }
+ if (nwnames) {
wnames = g_new0(V9fsString, nwnames);
qids = g_new0(V9fsQID, nwnames);
for (i = 0; i < nwnames; i++) {
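Review bot: The early `nwnames > P9_MAXWELEM` rejection has no comment explaining why it must stay ahead of the two `g_new0()` calls. `nwnames` appears to be decoded from the incoming request (it is traced next to `pdu->tag` just above; the decode itself is outside the hunk), so it sizes both allocations and bounds the loop that follows. A one-line comment above the check, such as `/* nwnames is client-supplied: reject oversized walks before sizing wnames/qids */`, would record that ordering for anyone who later restructures the branch. v9fs_walk starts before and continues past this hunk, so the `out_nofid` cleanup path cannot be checked from here.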
@@ -1753,9 +1757,6 @@ static void coroutine_fn v9fs_walk(void *opaque)
}
offset += err;
}
- } else if (nwnames > P9_MAXWELEM) {
- err = -EINVAL;
- goto out_nofid;
}
fidp = get_fid(pdu, fid);
if (fidp == NULL) {
--
2.20.1
On Sun, 16 May 2021 17:55:34 +0200 Christian Schoenebeck <qemu_oss@crudebyte.com> wrote: > There is only one comparison between nwnames and P9_MAXWELEM required. > > Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> > --- Nice catch. It's been there for a decade :) Reviewed-by: Greg Kurz <groug@kaod.org> > hw/9pfs/9p.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c > index 0fa776af09..89aa07db78 100644 > --- a/hw/9pfs/9p.c > +++ b/hw/9pfs/9p.c > @@ -1739,7 +1739,11 @@ static void coroutine_fn v9fs_walk(void *opaque) > > trace_v9fs_walk(pdu->tag, pdu->id, fid, newfid, nwnames); > > - if (nwnames && nwnames <= P9_MAXWELEM) { > + if (nwnames > P9_MAXWELEM) { > + err = -EINVAL; > + goto out_nofid; > + } > + if (nwnames) { > wnames = g_new0(V9fsString, nwnames); > qids = g_new0(V9fsQID, nwnames); > for (i = 0; i < nwnames; i++) { > @@ -1753,9 +1757,6 @@ static void coroutine_fn v9fs_walk(void *opaque) > } > offset += err; > } > - } else if (nwnames > P9_MAXWELEM) { > - err = -EINVAL; > - goto out_nofid; > } > fidp = get_fid(pdu, fid); > if (fidp == NULL) {
On Montag, 17. Mai 2021 13:35:09 CEST Greg Kurz wrote: > On Sun, 16 May 2021 17:55:34 +0200 > > Christian Schoenebeck <qemu_oss@crudebyte.com> wrote: > > There is only one comparison between nwnames and P9_MAXWELEM required. > > > > Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> > > --- > > Nice catch. It's been there for a decade :) > > Reviewed-by: Greg Kurz <groug@kaod.org> Now that was a quick response! Queued, thanks! https://github.com/cschoenebeck/qemu/commits/9p.next > > > hw/9pfs/9p.c | 9 +++++---- > > 1 file changed, 5 insertions(+), 4 deletions(-) > > > > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c > > index 0fa776af09..89aa07db78 100644 > > --- a/hw/9pfs/9p.c > > +++ b/hw/9pfs/9p.c > > @@ -1739,7 +1739,11 @@ static void coroutine_fn v9fs_walk(void *opaque) > > > > trace_v9fs_walk(pdu->tag, pdu->id, fid, newfid, nwnames); > > > > - if (nwnames && nwnames <= P9_MAXWELEM) { > > + if (nwnames > P9_MAXWELEM) { > > + err = -EINVAL; > > + goto out_nofid; > > + } > > + if (nwnames) { > > > > wnames = g_new0(V9fsString, nwnames); > > qids = g_new0(V9fsQID, nwnames); > > for (i = 0; i < nwnames; i++) { > > > > @@ -1753,9 +1757,6 @@ static void coroutine_fn v9fs_walk(void *opaque) > > > > } > > offset += err; > > > > } > > > > - } else if (nwnames > P9_MAXWELEM) { > > - err = -EINVAL; > > - goto out_nofid; > > > > } > > fidp = get_fid(pdu, fid); > > if (fidp == NULL) {