On 15/06/2016 19:18, P J P wrote: > Hello Paolo, > > +-- On Wed, 15 Jun 2016, Paolo Bonzini wrote --+ > | Actually, the commit message is wrong. The length parameter cannot > | exceed the buffer size anymore. > > It wouldn't exceed after this patch, right? Is it possible 'esp_do_dma' is > called via 'esp_transfer_data' with 's->do_cmd' set? 'len' isn't checked > there.
No, it's not possible; see the discussion in reply to v1. Paolo