chaojianhu a0d1cbdacf hw/net: Fix a heap overflow in xlnx.xps-ethernetlite ...

The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.

Reported-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

2016-08-09 15:27:18 +08:00

8.0 KiB

Raw Blame History

View Raw