On 2016年08月02日 19:37, P J P wrote:
From: Prasad J Pandit <p...@fedoraproject.org>
VMware VMXNET* NIC emulator supports packet fragmentation.
While fragmenting a packet, it checks for more fragments based
on packet length and current fragment length. It is susceptible
to an infinite loop, if the current fragment length is zero.
Add check to avoid it.
Reported-by: Li Qiang <liqiang...@360.cn>
Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
---
hw/net/vmxnet_tx_pkt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/vmxnet_tx_pkt.c b/hw/net/vmxnet_tx_pkt.c
index 91e1e08..f4d0f5f 100644
--- a/hw/net/vmxnet_tx_pkt.c
+++ b/hw/net/vmxnet_tx_pkt.c
@@ -544,7 +544,7 @@ static bool vmxnet_tx_pkt_do_sw_fragmentation(struct
VmxnetTxPkt *pkt,
fragment_offset += fragment_len;
- } while (more_frags);
+ } while (fragment_len && more_frags);
return true;
}
The patch doesn't apply cleanly on HEAD, we now move this logic to
hw/net/net_tx_pkt.c. Please resend on top of HEAD and cc Dmitry Fleytman
<dmi...@daynix.com>.
Thanks
