Google Git
Sign in
qemu / qemu / dd32b5ea7eeea367058ec8e0f9eb41de41a8d106
commitdd32b5ea7eeea367058ec8e0f9eb41de41a8d106[log] [tgz]
authorAkihiko Odaki <akihiko.odaki@daynix.com>Thu Feb 23 19:20:10 2023 +0900
committerJason Wang <jasowang@redhat.com>Fri Mar 10 15:35:38 2023 +0800
treedf137bc8ef1777e1294e32456c0d37de2c98424f
parent02ef5fdc092bd495d6afd3c0212ff2e45931886d [diff]
hw/net/net_tx_pkt: Check the payload length

Check the payload length if checksumming to ensure the payload contains
the space for the resulting value.

This bug was found by Alexander Bulekov with the fuzzer:
https://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/

The fixed test case is:
fuzz/crash_6aeaa33e7211ecd603726c53e834df4c6d1e08bc

Fixes: e263cd49c7 ("Packet abstraction for VMWARE network devices")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
1 file changed
tree: df137bc8ef1777e1294e32456c0d37de2c98424f
  1. .github/
  2. .gitlab/
  3. .gitlab-ci.d/
  4. accel/
  5. audio/
  6. authz/
  7. backends/
  8. block/
  9. bsd-user/
  10. chardev/
  11. common-user/
  12. configs/
  13. contrib/
  14. crypto/
  15. disas/
  16. docs/
  17. dump/
  18. ebpf/
  19. fpu/
  20. fsdev/
  21. gdb-xml/
  22. gdbstub/
  23. hw/
  24. include/
  25. io/
  26. libdecnumber/
  27. linux-headers/
  28. linux-user/
  29. migration/
  30. monitor/
  31. nbd/
  32. net/
  33. pc-bios/
  34. plugins/
  35. po/
  36. python/
  37. qapi/
  38. qga/
  39. qobject/
  40. qom/
  41. replay/
  42. roms/
  43. scripts/
  44. scsi/
  45. semihosting/
  46. softmmu/
  47. stats/
  48. storage-daemon/
  49. stubs/
  50. subprojects/
  51. target/
  52. tcg/
  53. tests/
  54. tools/
  55. trace/
  56. ui/
  57. util/
  58. dtc
  59. meson
  60. .cirrus.yml
  61. .dir-locals.el
  62. .editorconfig
  63. .exrc
  64. .gdbinit
  65. .gitattributes
  66. .gitignore
  67. .gitlab-ci.yml
  68. .gitmodules
  69. .gitpublish
  70. .mailmap
  71. .patchew.yml
  72. .readthedocs.yml
  73. .travis.yml
  74. block.c
  75. blockdev-nbd.c
  76. blockdev.c
  77. blockjob.c
  78. configure
  79. COPYING
  80. COPYING.LIB
  81. cpu.c
  82. cpus-common.c
  83. disas.c
  84. event-loop-base.c
  85. gitdm.config
  86. hmp-commands-info.hx
  87. hmp-commands.hx
  88. iothread.c
  89. job-qmp.c
  90. job.c
  91. Kconfig
  92. Kconfig.host
  93. LICENSE
  94. MAINTAINERS
  95. Makefile
  96. memory_ldst.c.inc
  97. meson.build
  98. meson_options.txt
  99. module-common.c
  100. os-posix.c
  101. os-win32.c
  102. page-vary-common.c
  103. page-vary.c
  104. qemu-bridge-helper.c
  105. qemu-edid.c
  106. qemu-img-cmds.hx
  107. qemu-img.c
  108. qemu-io-cmds.c
  109. qemu-io.c
  110. qemu-keymap.c
  111. qemu-nbd.c
  112. qemu-options.hx
  113. qemu.nsi
  114. qemu.sasl
  115. README.rst
  116. replication.c
  117. trace-events
  118. VERSION
  119. version.rc