On 17/06/2016 10:16, P J P wrote:
> +-- On Fri, 17 Jun 2016, Amit Shah wrote --+
> | This was flagged as an incompatibility in the vmstate by a nightly run
> | of the vmstate checker:
> |
> | Section "esp" Description "esp" Field "cmdbuf" size mismatch: 16 , 32
> | Section "dc390" Description

On 17/06/2016 06:19, Amit Shah wrote:
> Hi,
>
> On (Wed) 15 Jun 2016 [23:06:19], P J P wrote:
>> From: Prasad J Pandit
>>
>> While doing DMA read into ESP command buffer 's->cmdbuf', it could
>> write past the 's->cmdbuf' area, if it was partially filled;
>> i.e.

+-- On Fri, 17 Jun 2016, Amit Shah wrote --+
| This was flagged as an incompatibility in the vmstate by a nightly run
| of the vmstate checker:
|
| Section "esp" Description "esp" Field "cmdbuf" size mismatch: 16 , 32
| Section "dc390" Description "esp" Field "cmdbuf" size mismatch: 16 , 32
|

Hi,

On (Wed) 15 Jun 2016 [23:06:19], P J P wrote:
> From: Prasad J Pandit
>
> While doing DMA read into ESP command buffer 's->cmdbuf', it could
> write past the 's->cmdbuf' area, if it was partially filled;
> i.e. 's->cmdlen' wasn't set at the start of the buffer.
>

From: Prasad J Pandit

While doing DMA read into ESP command buffer 's->cmdbuf', it could
write past the 's->cmdbuf' area, if it was partially filled;
i.e. 's->cmdlen' wasn't set at the start of the buffer.
Check 'len' to avoid OOB access. Also increase the command buffer