| Message ID | 20190214201939.494-10-philmd@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | ccid-card-passthru: check buffer size parameter | expand |
On Thu, Feb 14, 2019 at 9:27 PM Philippe Mathieu-Daudé <philmd@redhat.com> wrote: > > The variable 'opt_bytes' is an index to the data[] array. > Use size_t for indexes. > > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > --- > hw/usb/ccid-card-passthru.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c > index 083eb5ca08..664e8a1b54 100644 > --- a/hw/usb/ccid-card-passthru.c > +++ b/hw/usb/ccid-card-passthru.c > @@ -152,7 +152,7 @@ static void ccid_card_vscard_handle_init( > static int check_atr(PassthruState *card, uint8_t *data, size_t len) > { > size_t historical_length; > - int opt_bytes; > + size_t opt_bytes; > int td_count = 0; > int td; > > @@ -192,12 +192,13 @@ static int check_atr(PassthruState *card, uint8_t *data, size_t len) > } > if (len > 2 + historical_length + opt_bytes) { > DPRINTF(card, D_WARN, > - "atr too long: len %zu, but hist/opt %zu/%d, T1 0x%X\n", > + "atr too long: len %zu, but hist/opt %zu/%zu, T1 0x%X\n", > len, historical_length, opt_bytes, data[1]); > /* let it through */ > } > DPRINTF(card, D_VERBOSE, > - "atr passes check: %zu total length, %zu historical, %d optional\n", > + "atr passes check: %zu total length," > + " %zu historical, %zu optional\n", > len, historical_length, opt_bytes); > > return 1; > -- > 2.20.1 > >
diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c index 083eb5ca08..664e8a1b54 100644 --- a/hw/usb/ccid-card-passthru.c +++ b/hw/usb/ccid-card-passthru.c @@ -152,7 +152,7 @@ static void ccid_card_vscard_handle_init( static int check_atr(PassthruState *card, uint8_t *data, size_t len) { size_t historical_length; - int opt_bytes; + size_t opt_bytes; int td_count = 0; int td; @@ -192,12 +192,13 @@ static int check_atr(PassthruState *card, uint8_t *data, size_t len) } if (len > 2 + historical_length + opt_bytes) { DPRINTF(card, D_WARN, - "atr too long: len %zu, but hist/opt %zu/%d, T1 0x%X\n", + "atr too long: len %zu, but hist/opt %zu/%zu, T1 0x%X\n", len, historical_length, opt_bytes, data[1]); /* let it through */ } DPRINTF(card, D_VERBOSE, - "atr passes check: %zu total length, %zu historical, %d optional\n", + "atr passes check: %zu total length," + " %zu historical, %zu optional\n", len, historical_length, opt_bytes); return 1;
The variable 'opt_bytes' is an index to the data[] array. Use size_t for indexes. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- hw/usb/ccid-card-passthru.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)