[U-Boot] [PATCH 2/2] net: nfs: Correct type of rpc_t->u.reply->data

Tom Rini trini at konsulko.com
Mon Aug 21 02:40:02 UTC 2017


In rpc_t we declare data to be a uint8_t of size 2048, for a final size
of 2048.  We also however declare the reply part of the union to have a
uint32_t data field of NFS_READ_SIZE (1024) for a final size of
4096+24=4120 and an overrun.  Expand the comment above the struct to
note that if NFS_READ_SIZE is increased then the data buf must also be
increased and correct the declaration to be uint8_t.

Reported-by: Coverity (CID: 152888)
Cc: Joe Hershberger <joe.hershberger at ni.com>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
 net/nfs.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/nfs.h b/net/nfs.h
index 1aa06e8fb90f..b23b4088d825 100644
--- a/net/nfs.h
+++ b/net/nfs.h
@@ -39,8 +39,9 @@
 /*
  * Block size used for NFS read accesses.  A RPC reply packet (including  all
  * headers) must fit within a single Ethernet frame to avoid fragmentation.
- * However, if CONFIG_IP_DEFRAG is set, a bigger value could be used.  In any
- * case, most NFS servers are optimized for a power of 2.
+ * However, if CONFIG_IP_DEFRAG is set, a bigger value could be used, so long
+ * as rpc_t->u->data is incrased to match. In any case, most NFS servers are
+ * optimized for a power of 2.
  */
 #define NFS_READ_SIZE	1024	/* biggest power of two that fits Ether frame */
 
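Review bot: The added comment text has a typo ("incrased") and names the buffer as `rpc_t->u->data`, which does not match the layout shown in the next hunk, where `u` is an embedded member and both the union itself and `reply` carry a field called `data`. Suggest spelling the field out unambiguously (for example `u.data` in struct rpc_t) and stating the relationship the commit message describes, namely that the reply header plus NFS_READ_SIZE bytes must fit inside that buffer, so a reader who raises NFS_READ_SIZE knows which array to grow and by how much.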
@@ -73,7 +74,7 @@ struct rpc_t {
 			uint32_t verifier;
 			uint32_t v2;
 			uint32_t astatus;
-			uint32_t data[NFS_READ_SIZE];
+			uint8_t data[NFS_READ_SIZE];
 		} reply;
 	} u;
 } __attribute__((packed));
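Review bot: Changing the element type of `reply.data` from `uint32_t` to `uint8_t` also changes the stride of any existing index or pointer arithmetic on that field, and the diffstat shows only net/nfs.h being touched, so it is worth confirming that no user of this header indexes `reply.data` in 32-bit words. Separately, the size relationship between `reply` and the 2048-byte `data` buffer is still enforced only by the comment above NFS_READ_SIZE; a compile-time size check next to the struct, or sizing the buffer from NFS_READ_SIZE, would keep the overrun Coverity reported from coming back when the constant is changed.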
-- 
1.9.1