On 2016年08月09日 11:52, chaojianhu wrote:
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaoj
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaojianhu
Signed-off-by: chaojianhu
---
hw/n
On 2016年08月09日 10:24, chaojianhu wrote:
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowd. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaoji
Hi,
Your series seems to have some coding style problems. See output below for
more information:
Message-id: blu437-smtp43591ada801e900d4bce81db...@phx.gbl
Type: series
Subject: [Qemu-devel] [PATCH] hw/net: Fix a heap overflow in
xlnx.xps-ethernetlite
=== TEST SCRIPT BEGIN ===
#!/bin/bash
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowd. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaojianhu
---
hw/net/xilinx_ethlite.c | 4
