From: Jason Wang <[email protected]> There should not be a reason for passing a packet size greater than INT_MAX. It's usually a hint of bug somewhere, so ignore packet size greater than INT_MAX in qemu_deliver_packet_iov()
CC: [email protected] Reported-by: Daniel Shapira <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Jason Wang <[email protected]> (cherry picked from commit 1592a9947036d60dde5404204a5d45975133caf5) Signed-off-by: Michael Roth <[email protected]> --- net/net.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/net.c b/net/net.c index 2a3133990c..46db72811b 100644 --- a/net/net.c +++ b/net/net.c @@ -712,10 +712,15 @@ ssize_t qemu_deliver_packet_iov(NetClientState *sender, void *opaque) { NetClientState *nc = opaque; + size_t size = iov_size(iov, iovcnt); int ret; + if (size > INT_MAX) { + return size; + } + if (nc->link_down) { - return iov_size(iov, iovcnt); + return size; } if (nc->receive_disabled) { -- 2.17.1
