[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/i

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/i

From:	Ed Swierk
Subject:	[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c
Date:	Sun, 30 Apr 2006 19:52:00 -0700

Another memory management bug in the slirp code causes qemu to crash
while attempting to reassemble a fragmented IP packet. While iterating
through a list of buffers, if m_cat() moves the current buffer, the
pointer to the next buffer is read from an invalid location.

The attached patch simply reads the next buffer pointer before calling
m_cat(). Incidentally, this is also the fix adopted in the BSD
networking stack, from which slirp was originally derived.

--Ed

qemu-slirp-reassembly-bug.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c, Ed Swierk <=

Prev by Date: [Qemu-devel] [PATCH] Fix crash due to faulty realloc logic in slirp/mbuf.c
Next by Date: [Qemu-devel] [PATCH] Fix scrambling of >32KB packets in slirp
Previous by thread: [Qemu-devel] [PATCH] Fix crash due to faulty realloc logic in slirp/mbuf.c
Next by thread: [Qemu-devel] [PATCH] Fix scrambling of >32KB packets in slirp
Index(es):
- Date
- Thread