blob: a537ceab181b7d9611c7f66580b34ec75bf39826 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
network: 0.849
socket: 0.785
mistranslation: 0.751
device: 0.672
instruction: 0.666
other: 0.604
graphic: 0.561
semantic: 0.531
vnc: 0.511
boot: 0.407
assembly: 0.233
KVM: 0.196
lan9118 bug peeked received message size not equal to actual received message size
peeked message is not equal to read message
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Thanks,
Alfred
Do you have a test case that will reproduce this bug ?
(The line of code you point out is pretty clearly wrong; it would just be nice to have a test case to confirm that the obvious fix works.)
This patchset should fix this bug:
https://<email address hidden>/
PS: this isn't a security issue because the lan9118 is used only on board models that can't run under KVM and so it is not on QEMU's security boundary.
We do have some code, that is giving different results, between the peeked and the actual:
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/9a25860e761036a9eb780799c9db632e3eff60c9/portable/NetworkInterface/MPS2_AN385/NetworkInterface.c#L237
We also have a fix to circumvent the problem by just reading the actual size and omit the peeked bytes.
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/pull/142
changing the code i pointed locally worked fine, but we can't expect all our users to compile qemu from scratch and apply a patch
Alfred
Fix now in master: commit e7e29fdbbe07f.
|