Re: [RFC PATCH] rtl8139: fix stack overflow if RxBuf overlaps MMIO

2021-01-12 Thread Qiuhao Li
On Tue, 2021-01-12 at 16:02 +, Peter Maydell wrote:
> On Tue, 12 Jan 2021 at 15:23, Qiuhao Li wrote:
> > Fix Bug 1910826 [1] / OSS-Fuzz Issue 29224 [2].
> >
> > In rtl8139.c, the function rtl8139_RxBuf_write, which sets the RxBuf
> > (Receive Buffer Start Address), doesn't check if this

Re: [RFC PATCH] rtl8139: fix stack overflow if RxBuf overlaps MMIO

2021-01-12 Thread Peter Maydell
On Tue, 12 Jan 2021 at 15:23, Qiuhao Li wrote:
>
> Fix Bug 1910826 [1] / OSS-Fuzz Issue 29224 [2].
>
> In rtl8139.c, the function rtl8139_RxBuf_write, which sets the RxBuf
> (Receive Buffer Start Address), doesn't check if this buffer overlaps our
> MMIO region. So if the guest machine set the tra

[RFC PATCH] rtl8139: fix stack overflow if RxBuf overlaps MMIO

2021-01-12 Thread Qiuhao Li
Fix Bug 1910826 [1] / OSS-Fuzz Issue 29224 [2].

In rtl8139.c, the function rtl8139_RxBuf_write, which sets the RxBuf (Receive Buffer Start Address), doesn't check if this buffer overlaps our MMIO region. So if the guest machine set the transmit mode to loopback, put the RxBuf at the address of TSD