
[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/i

From: Ed Swierk
Subject: [Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c
Date: Sun, 30 Apr 2006 19:52:00 -0700

Another memory management bug in the slirp code causes qemu to crash
while attempting to reassemble a fragmented IP packet. While iterating
through a list of buffers, if m_cat() moves the current buffer, the
pointer to the next buffer is read from an invalid location.

The attached patch simply reads the next buffer pointer before calling
m_cat(). Incidentally, this is also the fix adopted in the BSD
networking stack, from which slirp was originally derived.


Attachment: qemu-slirp-reassembly-bug.patch
Description: Text Data
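
The ordering problem described in the message, as an added example that is not part of the original post or of the attached patch. It is a simplified model rather than slirp's mbuf code: `frag`, `frag_new`, `frag_cat` and `reassemble` are hypothetical names, and the concatenation helper is assumed to relocate the destination and release the source buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model, not slirp's mbuf: link and payload share one allocation. */
struct frag {
    struct frag *next;
    size_t len;
    unsigned char data[];
};
static struct frag *frag_new(const char *s, struct frag *next) {
    size_t n = strlen(s);
    struct frag *f = malloc(sizeof *f + n);
    if (!f) abort();
    f->next = next; f->len = n;
    memcpy(f->data, s, n);
    return f;
}

/* Append src to dst. dst may move (realloc) and src is released, so any
 * pointer into either buffer is stale once this returns. */
static struct frag *frag_cat(struct frag *dst, struct frag *src) {
    dst = realloc(dst, sizeof *dst + dst->len + src->len);
    if (!dst) abort();
    memcpy(dst->data + dst->len, src->data, src->len);
    dst->len += src->len;
    free(src);
    return dst;
}

/* Merge a fragment chain into its head. Saving q->next before frag_cat() is
 * the fix; "head = frag_cat(head, q); q = q->next;" would read freed memory. */
static struct frag *reassemble(struct frag *head) {
    struct frag *q = head->next;
    head->next = NULL;
    while (q != NULL) {
        struct frag *next = q->next;  /* save before q's storage goes away */
        head = frag_cat(head, q);
        q = next;
    }
    return head;
}

int main(void) {
    /* Constructed sample: three fragments of one datagram. */
    struct frag *h = reassemble(frag_new("frag", frag_new("ment", frag_new("ed", NULL))));
    printf("%.*s (%zu bytes)\n", (int)h->len, h->data, h->len);
    free(h);
    return 0;
}
```

Building the buggy ordering with AddressSanitizer (`-fsanitize=address`) reports the stale read as a heap-use-after-free at the `q->next` access.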
