[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/i
[Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c
Sun, 30 Apr 2006 19:52:00 -0700
Another memory management bug in the slirp code causes qemu to crash
while attempting to reassemble a fragmented IP packet. While iterating
through a list of buffers, if m_cat() moves the current buffer, the
pointer to the next buffer is read from an invalid location.
The attached patch simply reads the next buffer pointer before calling
m_cat(). Incidentally, this is also the fix adopted in the BSD
networking stack, from which slirp was originally derived.
Description: Text Data
|[Prev in Thread]
||[Next in Thread]|
- [Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c,
Ed Swierk <=