[Qemu-devel] [PATCH] Fix crash due to faulty realloc logic in slirp/mbuf

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] Fix crash due to faulty realloc logic in slirp/mbuf

From:	Ed Swierk
Subject:	[Qemu-devel] [PATCH] Fix crash due to faulty realloc logic in slirp/mbuf.c
Date:	Sun, 30 Apr 2006 19:48:34 -0700

The attached patch fixes a bug in the slirp memory management code.
m_inc() is called during IP reassembly for IP datagrams greater than 4
KB, as arises with NFS. Currently the code assumes that realloc()
always resizes the buffer without moving it; if the buffer is moved,
the m_data pointer is left pointing to an invalid location. The bug
causes qemu to crash when there is any significant amount of NFS
traffic.

The patch restores some commented-out code that updates m_data correctly.

--Ed

qemu-slirp-mbuf-bug.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] Fix crash due to faulty realloc logic in slirp/mbuf.c, Ed Swierk <=

Prev by Date: [Qemu-devel] [PATCH] Always use 10.0.2.2 as host addr for -net user (slirp)
Next by Date: [Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c
Previous by thread: [Qemu-devel] [PATCH] Always use 10.0.2.2 as host addr for -net user (slirp)
Next by thread: [Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in slirp/ip_input.c
Index(es):
- Date
- Thread