authorJuergen Lock <nox@FreeBSD.org>2007-04-09 20:24:44 +0000
committerJuergen Lock <nox@FreeBSD.org>2007-04-09 20:24:44 +0000
commitf3cb5f8aa1a93004879b1e0845f9fd92cba5c1de (patch)
tree5e802404d1c856d4f66e659c7dc724d88db1d7e1 /emulators/qemu-devel
parentDocument fetchmail's "insecure APOP authentication" issue (fixed in 6.3.8). (diff)
Add patch to avoid eepro100 crashes
Approved by: miwi (mentor, implicit) Obtained from: Stefan Weil on qemu-devel mailinglist
Notes
Notes: svn path=/head/; revision=189598
Diffstat (limited to 'emulators/qemu-devel')
-rw-r--r--emulators/qemu-devel/Makefile1
-rw-r--r--emulators/qemu-devel/files/patch-hw-eepro100.c50
2 files changed, 51 insertions, 0 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile
index baa8fe6f94a3..7257be443a18 100644
--- a/emulators/qemu-devel/Makefile
+++ b/emulators/qemu-devel/Makefile
@@ -7,6 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.0s.20070405
+PORTREVISION= 1
CATEGORIES= emulators
MASTER_SITES= http://qemu.org/:release \
http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \
diff --git a/emulators/qemu-devel/files/patch-hw-eepro100.c b/emulators/qemu-devel/files/patch-hw-eepro100.c
new file mode 100644
index 000000000000..79337757bde1
--- /dev/null
+++ b/emulators/qemu-devel/files/patch-hw-eepro100.c
@@ -0,0 +1,50 @@
+Index: qemu/hw/eepro100.c
+@@ -729,6 +729,7 @@
+ logout
+ ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
+ tx_buffer_address, tx_buffer_size);
++ assert(size + tx_buffer_size <= sizeof(buf));
+ cpu_physical_memory_read(tx_buffer_address, &buf[size],
+ tx_buffer_size);
+ size += tx_buffer_size;
+@@ -749,9 +750,13 @@
+ logout
+ ("TBD (extended mode): buffer address 0x%08x, size 0x%04x\n",
+ tx_buffer_address, tx_buffer_size);
+- cpu_physical_memory_read(tx_buffer_address, &buf[size],
+- tx_buffer_size);
+- size += tx_buffer_size;
++ if (size + tx_buffer_size > sizeof(buf)) {
++ logout("bad extended TCB with size 0x%04x\n", tx_buffer_size);
++ } else {
++ cpu_physical_memory_read(tx_buffer_address, &buf[size],
++ tx_buffer_size);
++ size += tx_buffer_size;
++ }
+ if (tx_buffer_el & 1) {
+ break;
+ }
+@@ -766,14 +771,20 @@
+ logout
+ ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n",
+ tx_buffer_address, tx_buffer_size);
+- cpu_physical_memory_read(tx_buffer_address, &buf[size],
+- tx_buffer_size);
+- size += tx_buffer_size;
++ if (size + tx_buffer_size > sizeof(buf)) {
++ logout("bad flexible TCB with size 0x%04x\n", tx_buffer_size);
++ } else {
++ cpu_physical_memory_read(tx_buffer_address, &buf[size],
++ tx_buffer_size);
++ size += tx_buffer_size;
++ }
+ if (tx_buffer_el & 1) {
+ break;
+ }
+ }
+ }
++ logout("%p sending frame, len=%d,%s\n", s, size, nic_dump(buf, size));
++ assert(size <= sizeof(buf));
+ qemu_send_packet(s->vc, buf, size);
+ s->statistics.tx_good_frames++;
+ /* Transmit with bad status would raise an CX/TNO interrupt.
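Review bot: In the simplified-mode branch the copy into `buf` is guarded only by `assert(size + tx_buffer_size <= sizeof(buf));`, while the extended and flexible branches log and skip the oversized descriptor. `tx_buffer_size` appears to be read from the guest-supplied transmit descriptor (the enclosing function starts and ends outside the patch context), so the assert lets a malformed descriptor abort the whole emulator, and in a build with NDEBUG it vanishes and `cpu_physical_memory_read` can write past `buf` again; the same if/else form as the other two branches, shown below, avoids both. The final `assert(size <= sizeof(buf));` has the same weakness and comes after `nic_dump(buf, size)` has already walked the buffer, so it belongs above the `logout` call. The declarations of `size` and `tx_buffer_size` are not visible here; if they are wider than the `0x%04x` format suggests, `tx_buffer_size > sizeof(buf) - size` is the wrap-safe way to write the comparison.

```c
/* … unchanged: logout("TBD (simplified mode): …") … */
/* Reject an oversized descriptor at run time instead of asserting. */
if (size + tx_buffer_size > sizeof(buf)) {
    logout("bad simplified TCB with size 0x%04x\n", tx_buffer_size);
} else {
    cpu_physical_memory_read(tx_buffer_address, &buf[size],
                             tx_buffer_size);
    size += tx_buffer_size;
}
```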