On 2016年08月04日 18:57, Dmitry Fleytman wrote:
Reviewed-by: Dmitry Fleytman <dmi...@daynix.com
<mailto:dmi...@daynix.com>>
On Thu, Aug 4, 2016 at 12:30 AM, P J P <ppan...@redhat.com
<mailto:ppan...@redhat.com>> wrote:
From: Prasad J Pandit <p...@fedoraproject.org
<mailto:p...@fedoraproject.org>>
Network transport abstraction layer supports packet fragmentation.
While fragmenting a packet, it checks for more fragments from
packet length and current fragment length. It is susceptible
to an infinite loop, if the current fragment length is zero.
Add check to avoid it.
Reported-by: Li Qiang <liqiang...@360.cn <mailto:liqiang...@360.cn>>
Signed-off-by: Prasad J Pandit <p...@fedoraproject.org
<mailto:p...@fedoraproject.org>>
---
hw/net/net_tx_pkt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Updated as per
->
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg00751.html
diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index efd43b4..53dfaa2 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -590,7 +590,7 @@ static bool
net_tx_pkt_do_sw_fragmentation(struct NetTxPkt *pkt,
fragment_offset += fragment_len;
- } while (more_frags);
+ } while (fragment_len && more_frags);
return true;
}
--
2.5.5
Applied. Thanks
