git.ipfire.org Git - thirdparty/qemu.git/commit

author	Vladislav Yasevich <vyasevic@redhat.com>
	Tue, 1 Sep 2015 15:26:45 +0000 (11:26 -0400)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Tue, 20 Oct 2015 18:30:05 +0000 (13:30 -0500)
commit	d2b0f96fe2762e2863a6fbbb0acb02606537cc9e
tree	bbcb8d4524b74c021edf3455a7876fb4f3b78e4b	tree
parent	a00431853f6faef36618dad238a859e3d6805054	commit \| diff

rtl8139: Fix receive buffer overflow check

rtl8139_do_receive() tries to check for the overflow condition
by making sure that packet_size + 8 does not exceed the
available buffer space.  The issue here is that RxBuffAddr,
used to calculate available buffer space, is aligned to a
a 4 byte boundry after every update.  So it is possible that
every packet ends up being slightly padded when written
to the receive buffer.  This padding is not taken into
account when checking for overflow and we may end up missing
the overflow condition can causing buffer overwrite.

This patch takes alignment into consideration when
checking for overflow condition.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1441121206-6997-2-git-send-email-vyasevic@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit fabdcd3392f16fc666b1d04fc1bbe5f1dbbf10a4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>