On Sat, 2016-05-14 at 20:29 -0400, Michael Chan wrote: > From: Ajit Khaparde <ajit.khapa...@broadcom.com> [...] > + /* Read A2 portion of the EEPROM */ > + if (length) { > + start -= ETH_MODULE_SFF_8436_LEN; > + bnxt_read_sfp_module_eeprom_info(bp, I2C_DEV_ADDR_A2, 1, start, > + length, data + start);
The output address calculation (data + start) makes no sense at all. If eeprom->offset < ETH_MODULE_SFF_8436_LEN then start == 0 here and this read overwrites earlier data in the output buffer. If eeprom->offset > ETH_MODULE_SFF_8436_LEN then start > 0 here and this overruns the output buffer. I think that 'data' should be incremented along with 'start' in the previous if-block. Ben. > + } > + return rc; > +} [...] -- Ben Hutchings For every action, there is an equal and opposite criticism. - Harrison
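Review bot: In the A2 block the return value of bnxt_read_sfp_module_eeprom_info() is discarded, so the closing "return rc;" can only report whatever rc held before this block and a failed A2 read goes unnoticed by the caller. Assign the result to rc in that call (rc = bnxt_read_sfp_module_eeprom_info(bp, I2C_DEV_ADDR_A2, 1, start, length, ...)) so the error reaches the caller, and settle the destination argument as discussed in the reply above.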
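The two cases described in the reply above, as an added user-space example that is not part of the original message or of the bnxt driver: it compares the destination computed as data + start with a destination that advances together with start. The names split_read and read_page, the 256-byte page sizes, the constructed page contents and the shape of the A0 block (which the quoted hunk does not show) are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define A0_LEN 256u /* stands in for ETH_MODULE_SFF_8436_LEN (assumed value) */
#define A2_LEN 256u /* assumed size of the A2 page */

/* Stand-in for one device read: every byte of page A0 reads as 0xA0 and every
 * byte of A2 as 0xA2 (constructed contents). Bounds-checked, so it returns -1
 * where an unchecked write would run past the caller's buffer. */
static int read_page(unsigned char *out, size_t out_len, size_t dst,
                     unsigned char page, size_t n)
{
    if (dst > out_len || n > out_len - dst)
        return -1;
    memset(out + dst, page, n);
    return 0;
}

/* Copy [offset, offset+len) of the A0||A2 space into out[0..len).
 * buggy != 0 uses the hunk's destination, the equivalent of data + start. */
int split_read(unsigned offset, unsigned len, unsigned char *out, int buggy)
{
    unsigned start = offset, length = len;
    size_t dst = 0; /* write position in out */
    if (len > A0_LEN + A2_LEN || offset > A0_LEN + A2_LEN - len)
        return -1;
    if (start < A0_LEN) { /* A0 portion */
        unsigned n = (length > A0_LEN - start) ? A0_LEN - start : length;
        if (read_page(out, len, dst, 0xA0, n))
            return -1;
        start += n;
        dst += n; /* destination advances together with start */
        length -= n;
    }
    if (length) { /* A2 portion */
        start -= A0_LEN;
        if (buggy)
            dst = start;
        if (read_page(out, len, dst, 0xA2, length))
            return -1;
    }
    return 0;
}

int main(void)
{
    unsigned char buf[8];
    printf("fixed=%d buggy=%d\n", split_read(300, 8, buf, 0), split_read(300, 8, buf, 1));
    return 0;
}
```

A request that straddles the page boundary (offset 250, length 12) succeeds in the buggy mode but leaves A2 bytes over the A0 bytes at the front of the buffer, while a request starting past the boundary (offset 300, length 8) is the one the bounds check rejects.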