On Sun, 16 May 2021 17:55:34 +0200 Christian Schoenebeck <[email protected]> wrote:
> There is only one comparison between nwnames and P9_MAXWELEM required. > > Signed-off-by: Christian Schoenebeck <[email protected]> > --- Nice catch. It's been there for a decade :) Reviewed-by: Greg Kurz <[email protected]> > hw/9pfs/9p.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c > index 0fa776af09..89aa07db78 100644 > --- a/hw/9pfs/9p.c > +++ b/hw/9pfs/9p.c > @@ -1739,7 +1739,11 @@ static void coroutine_fn v9fs_walk(void *opaque) > > trace_v9fs_walk(pdu->tag, pdu->id, fid, newfid, nwnames); > > - if (nwnames && nwnames <= P9_MAXWELEM) { > + if (nwnames > P9_MAXWELEM) { > + err = -EINVAL; > + goto out_nofid; > + } > + if (nwnames) { > wnames = g_new0(V9fsString, nwnames); > qids = g_new0(V9fsQID, nwnames); > for (i = 0; i < nwnames; i++) { > @@ -1753,9 +1757,6 @@ static void coroutine_fn v9fs_walk(void *opaque) > } > offset += err; > } > - } else if (nwnames > P9_MAXWELEM) { > - err = -EINVAL; > - goto out_nofid; > } > fidp = get_fid(pdu, fid); > if (fidp == NULL) {
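Review bot: in the first hunk the new `if (nwnames > P9_MAXWELEM)` check is what keeps `g_new0(V9fsString, nwnames)` and `g_new0(V9fsQID, nwnames)` bounded, but nothing in the code says so. A one-line comment above the check, stating that it must stay ahead of the wnames and qids allocations, would stop a later edit from moving it below them. A blank line between the early-return block and `if (nwnames) {` would also separate validation from allocation.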
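Review bot: the commit message does not say whether behaviour changes, and the second hunk suggests it does not: the removed `else if (nwnames > P9_MAXWELEM)` branch set `err = -EINVAL` and jumped to `out_nofid`, exactly as the early check added in the first hunk does. Adding "no functional change" to the commit message would make that explicit for anyone triaging it for stable or backports.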
