author: Prasad J Pandit <pjp@fedoraproject.org>, 2018-06-05 23:38:35 +0530
committer: Samuel Thibault <samuel.thibault@ens-lyon.org>, 2018-06-08 09:08:30 +0300
commit: 864036e251f54c99d31df124aad7f34f01f5344c
tree: ca78196ce84b59fe837722729d93bc043d1192b0 /include/qom
parent: 3835c310bd13662d5fb3f50f3dd62605dfd40cf9
slirp: correct size computation while concatenating mbuf

While reassembling incoming fragmented datagrams, 'm_cat' routine extends the 'mbuf' buffer, if it has insufficient room. It computes a wrong buffer size, which leads to overwriting adjacent heap buffer area. Correct this size computation in m_cat.

Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

Diffstat (limited to 'include/qom')
0 files changed, 0 insertions, 0 deletions