+-- On Tue, 24 Mar 2020, Jason Wang wrote --+
| > + if (s->rx_frame_len + len >= sizeof(s->rx_frame)) {
| > + return;
| > + }
| >
| > Why here is '>=' instead of '>'. IIUC the total sending length can reach
| > to sizeof(s->rx_frame). Same in the other place in this patch.
|
| Yes, this need to be fixed.But, wouldn't s->rx_frame[sizeof(s->rx_frame)] be off-by-one? Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
