[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/i
From: |
Ed Swierk |
Subject: |
[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c |
Date: |
Sun, 30 Apr 2006 19:52:00 -0700 |
Another memory management bug in the slirp code causes qemu to crash
while attempting to reassemble a fragmented IP packet. While iterating
through a list of buffers, if m_cat() moves the current buffer, the
pointer to the next buffer is read from an invalid location.
The attached patch simply reads the next buffer pointer before calling
m_cat(). Incidentally, this is also the fix adopted in the BSD
networking stack, from which slirp was originally derived.
--Ed
qemu-slirp-reassembly-bug.patch
Description: Text Data
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c,
Ed Swierk <=