[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] hw/net/i82596.c: Avoid reading off end of buffer in i82596_r

From: Peter Maydell
Subject: Re: [PATCH] hw/net/i82596.c: Avoid reading off end of buffer in i82596_receive()
Date: Thu, 26 Mar 2020 21:11:38 +0000

On Tue, 17 Mar 2020 at 06:13, Jason Wang <address@hidden> wrote:
> On 2020/3/13 上午4:16, Peter Maydell wrote:
> > The i82596_receive() function attempts to pass the guest a buffer
> > which is effectively the concatenation of the data it is passed and a
> > 4 byte CRC value.  However, rather than implementing this as "write
> > the data; then write the CRC" it instead bumps the length value of
> > the data by 4, and writes 4 extra bytes from beyond the end of the
> > buffer, which it then overwrites with the CRC.  It also assumed that
> > we could always fit all four bytes of the CRC into the final receive
> > buffer, which might not be true if the CRC needs to be split over two
> > receive buffers.

> Applied.

Hi Jason -- this doesn't seem to have reached master yet.
Has it gotten lost somewhere along the line?

-- PMM

reply via email to

[Prev in Thread] Current Thread [Next in Thread]