Changeset View
Changeset View
Standalone View
Standalone View
sys/dev/pci/pci.c
Show First 20 Lines • Show All 1,095 Lines • ▼ Show 20 Lines | case 0: /* item name */ | ||||
break; | break; | ||||
} | } | ||||
remain = byte2; | remain = byte2; | ||||
if (vpd_nextbyte(&vrs, &byte2)) { | if (vpd_nextbyte(&vrs, &byte2)) { | ||||
state = -2; | state = -2; | ||||
break; | break; | ||||
} | } | ||||
remain |= byte2 << 8; | remain |= byte2 << 8; | ||||
if (remain > (0x7f*4 - vrs.off)) { | |||||
kib: I suspect this was an attempt to handle the F bit from the vpd cap address register. It should… | |||||
jhbUnsubmitted Not Done Inline ActionsOr to also avoid inaddressible locations. However, the "short" case would also need the same check since you could have a "short" tag at the end of the VPD area that could potentially overflow. I would perhaps move this down to the bottom of this case before the 'switch (name)' (line 1115 in the old code in this review) so it tests both cases and code it something like: if (vrs.off + remain - vrs.bytesinval > 0x8000) { pci_printf(cfg, "VPD data overflow, remain %#x\n", remain); state = -1; break; } The missing break in the old code isn't great either as you could potentially malloc() a really large value. jhb: Or to also avoid inaddressible locations. However, the "short" case would also need the same… | |||||
state = -1; | |||||
pci_printf(cfg, | |||||
"invalid VPD data, remain %#x\n", | |||||
remain); | |||||
} | |||||
name = byte & 0x7f; | name = byte & 0x7f; | ||||
} else { | } else { | ||||
remain = byte & 0x7; | remain = byte & 0x7; | ||||
name = (byte >> 3) & 0xf; | name = (byte >> 3) & 0xf; | ||||
} | } | ||||
switch (name) { | switch (name) { | ||||
case 0x2: /* String */ | case 0x2: /* String */ | ||||
cfg->vpd.vpd_ident = malloc(remain + 1, | cfg->vpd.vpd_ident = malloc(remain + 1, | ||||
▲ Show 20 Lines • Show All 5,506 Lines • Show Last 20 Lines |
I suspect this was an attempt to handle the F bit from the vpd cap address register. It should be 0x7fff instead of 0x7f*4, then.