[Bug 1904954] Re: lan9118 bug peeked received message size not equal to
From: alfred gedeon
Subject: [Bug 1904954] Re: lan9118 bug peeked received message size not equal to actual received message size
Date: Fri, 08 Jan 2021 23:54:42 -0000
We do have some code that is giving different results between the
peeked and the actual:
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/9a25860e761036a9eb780799c9db632e3eff60c9/portable/NetworkInterface/MPS2_AN385/NetworkInterface.c#L237
We also have a fix to circumvent the problem by just reading the actual
size and omitting the peeked bytes.
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/pull/142
Changing the code I pointed to locally worked fine, but we can't expect all
our users to compile qemu from scratch and apply a patch.
Alfred
--
https://bugs.launchpad.net/bugs/1904954
Title:
lan9118 bug peeked received message size not equal to actual received
message size
Status in QEMU:
In Progress
Bug description:
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Could also be a security bug, as the user could allocate a buffer of
size peeked data smaller than the actual packet received, which could
cause a buffer overflow.
Thanks,
Alfred
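
An added example, not part of the original message and not QEMU or FreeRTOS code: a constructed C model of the peek/pop mismatch described in the bug report, with a driver-side receive that takes the length from the popped status word and checks it against the buffer size. The struct layout, the function names, and the position of the length field (bits 16..29) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the device's status FIFOs; not QEMU's lan9118.c. */
#define FIFO_WORDS 8
struct nic_model {
    uint32_t rx_status_fifo[FIFO_WORDS];
    uint32_t rx_status_fifo_head;
    uint32_t tx_status_fifo_head;
    const uint8_t *rx_data;   /* payload of the frame at the RX head */
};

/* Assumption: the frame length sits in bits 16..29 of an RX status word. */
size_t status_len(uint32_t status) { return (status >> 16) & 0x3fff; }

/* Peek as the report describes it: RX status FIFO indexed by the TX head. */
uint32_t peek_reported(const struct nic_model *s) {
    return s->rx_status_fifo[s->tx_status_fifo_head];
}

/* Peek with the index the report says it should use. */
uint32_t peek_expected(const struct nic_model *s) {
    return s->rx_status_fifo[s->rx_status_fifo_head];
}

/* Pop: the status word for the frame the device actually delivers. */
uint32_t pop_status(struct nic_model *s) {
    uint32_t v = s->rx_status_fifo[s->rx_status_fifo_head];
    s->rx_status_fifo_head = (s->rx_status_fifo_head + 1) % FIFO_WORDS;
    return v;
}

/* Driver-side receive: take the length from the popped status and refuse
 * frames larger than the caller's buffer. Returns bytes copied, or -1. */
long safe_receive(struct nic_model *s, uint8_t *buf, size_t cap) {
    size_t actual = status_len(pop_status(s));
    if (actual > cap) return -1;
    memcpy(buf, s->rx_data, actual);
    return (long)actual;
}

int main(void) {
    static uint8_t frame[1500], small[64];   /* constructed sample data */
    struct nic_model s = { .rx_status_fifo = { [0] = 64u << 16, [2] = 1500u << 16 },
                           .rx_status_fifo_head = 2, .rx_data = frame };
    size_t peeked = status_len(peek_reported(&s));         /* 64: wrong slot */
    return safe_receive(&s, small, peeked) == -1 ? 0 : 1;  /* frame refused */
}
```

A buffer sized from the peeked value would be 64 bytes here while the delivered frame is 1500, which is why the receive path checks the popped length against the buffer capacity before copying.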