OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

-----BEGIN PGP SIGNATURE----- 

Version: GnuPG v1
 
 iQEcBAABAgAGBQJXqYYnAAoJEO8Ells5jWIR5CkH/23ogg/jKrwliPpqI36w95rO
 eySHqM8Woc7X3wZVC6K/T5iF0MXzUj4tmtvCPueXwqb2ll2hAZ+1Jt88MLr3AN39
 85+gYqzU4MswLOztYNEBk5wLTX47Z9jE7GVynOqJGDJzqfc2WTlGHK1hKFM22XFB
 LKdDsu0/bbdDmDIqIC/5RBEzwEbwpumKXFvLr2fn7JxIIbJs7Sw9iFpGzwsRHFnx
 qfli40X+Gs6litSIdKjxgtdjpcY8grefTu6y72x6ZVhS50aXxTj6dSAhLR1ddTXn
 MC5V/J5TFqSFOzvtZ57J3/9iLeOyRpxLBkK/sExNnjlqnmDcp/igpSed4quFeSs=
 =j9Ls
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 09 Aug 2016 08:28:39 BST
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  hw/net: Fix a heap overflow in xlnx.xps-ethernetlite
  net: vmxnet3: check for device_active before write
  net: check fragment length during fragmentation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2016-08-09 10:44:27 +01:00
parent 53279c76cf a0d1cbdacf
commit ab861f3915
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hw/net/net_tx_pkt.c
View File

@ -590,7 +590,7 @@ static bool net_tx_pkt_do_sw_fragmentation(struct NetTxPkt *pkt,
fragment_offset += fragment_len;
} while (more_frags);
} while (fragment_len && more_frags);
return true;
}

4
hw/net/vmxnet3.c
View File

@ -1167,6 +1167,10 @@ vmxnet3_io_bar0_write(void *opaque, hwaddr addr,
{
VMXNET3State *s = opaque;
if (!s->device_active) {
return;
}
if (VMW_IS_MULTIREG_ADDR(addr, VMXNET3_REG_TXPROD,
VMXNET3_DEVICE_MAX_TX_QUEUES, VMXNET3_REG_ALIGN)) {
int tx_queue_idx =

4
hw/net/xilinx_ethlite.c
View File

@ -197,6 +197,10 @@ static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
}
D(qemu_log("%s %zd rxbase=%x\n", __func__, size, rxbase));
if (size > (R_MAX - R_RX_BUF0 - rxbase) * 4) {
D(qemu_log("ethlite packet is too big, size=%x\n", size));
return -1;
}
memcpy(&s->regs[rxbase + R_RX_BUF0], buf, size);
s->regs[rxbase + R_RX_CTRL0] |= CTRL_S;