On 2016年08月09日 11:52, chaojianhu wrote:
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by:
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaojianhu
On 2016年08月09日 10:24, chaojianhu wrote:
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowd. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by:
Hi,
Your series seems to have some coding style problems. See output below for
more information:
Message-id: blu437-smtp43591ada801e900d4bce81db...@phx.gbl
Type: series
Subject: [Qemu-devel] [PATCH] hw/net: Fix a heap overflow in
xlnx.xps-ethernetlite
=== TEST SCRIPT BEGIN ===
#!/bin/bash
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowd. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaojianhu
---