Reviewed-by: Dmitry Fleytman <dmi...@daynix.com> On Thu, Aug 4, 2016 at 12:30 AM, P J P <ppan...@redhat.com> wrote:
> From: Prasad J Pandit <p...@fedoraproject.org> > > Network transport abstraction layer supports packet fragmentation. > While fragmenting a packet, it checks for more fragments from > packet length and current fragment length. It is susceptible > to an infinite loop, if the current fragment length is zero. > Add check to avoid it. > > Reported-by: Li Qiang <liqiang...@360.cn> > Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> > --- > hw/net/net_tx_pkt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > Updated as per > -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg00751.html > > diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c > index efd43b4..53dfaa2 100644 > --- a/hw/net/net_tx_pkt.c > +++ b/hw/net/net_tx_pkt.c > @@ -590,7 +590,7 @@ static bool net_tx_pkt_do_sw_fragmentation(struct > NetTxPkt *pkt, > > fragment_offset += fragment_len; > > - } while (more_frags); > + } while (fragment_len && more_frags); > > return true; > } > -- > 2.5.5 > >
