+-- On Wed, 21 Sep 2016, Paolo Bonzini wrote --+
| > diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
| > index e60e338..31870b0 100644
| > --- a/hw/net/imx_fec.c
| > +++ b/hw/net/imx_fec.c
| > @@ -276,7 +276,7 @@ static void imx_fec_do_tx(IMXFECState *s)
| > imx_fec_read_bd(&bd, addr);
| > FEC_PRINTF("tx_bd %x flags %04x len %d data %08x\n",
| > addr, bd.flags, bd.length, bd.data);
| > - if ((bd.flags & FEC_BD_R) == 0) {
| > + if (!bd.length || (bd.flags & FEC_BD_R) == 0) {
| > /* Run out of descriptors to transmit. */
| > break;
| > }
| >
|
| Same here---and same bug as the previous patch too:
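Review bot: The added `!bd.length` test in imx_fec_do_tx shares one `break` with the FEC_BD_R ownership test, so a descriptor that is marked ready but has length zero leaves the loop under the comment "Run out of descriptors to transmit", which does not describe that case. Nothing in the visible lines clears FEC_BD_R or records the malformed descriptor, so the entry presumably stays pending and the transmit stall is silent; the rest of the loop body lies outside the hunk, so this needs confirming there. I would test the length separately and trace it, e.g. `if (!bd.length) { FEC_PRINTF("tx_bd %x has zero length\n", addr); break; }`, with a comment such as `/* Zero-length descriptor supplied by the guest: stop processing the ring. */`. Since bd appears to be filled from guest-controlled memory by imx_fec_read_bd, a cap on the number of descriptors handled per call would bound the loop regardless of any single field; whether such a cap already exists cannot be seen from this hunk.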
Yep, same issue as the other patch. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F