On 8/3/21 11:33 AM, Thomas Huth wrote:
> On 05/07/2021 10.40, Philippe Mathieu-Daudé wrote:
>> Our infrastructure can handle fragmented packets up to
>> NET_MAX_FRAG_SG_LIST (64) pieces. This hard limit has
>> been proven enough in production for years. If it is
>> reached, it is likely an evil crafted packet. Discard it.
>>
>> Include the qtest reproducer provided by Alexander Bulekov:
>>
>> $ make check-qtest-i386
>> ...
>> Running test qtest-i386/fuzz-vmxnet3-test
>> qemu-system-i386: net/eth.c:334: void
>> eth_setup_ip4_fragmentation(const void *, size_t, void *, size_t,
>> size_t, size_t, _Bool):
>> Assertion `frag_offset % IP_FRAG_UNIT_SIZE == 0' failed.
>>
>> Cc: qemu-sta...@nongnu.org
>> Reported-by: OSS-Fuzz (Issue 35799)
>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/460
>> Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com>
>> ---
>>  hw/net/net_tx_pkt.c             |   8 ++
>>  tests/qtest/fuzz-vmxnet3-test.c | 195 ++++++++++++++++++++++++++++++++
>>  MAINTAINERS                     |   1 +
>>  tests/qtest/meson.build         |   1 +
>>  4 files changed, 205 insertions(+)
>>  create mode 100644 tests/qtest/fuzz-vmxnet3-test.c
>
> Reviewed-by: Thomas Huth <th...@redhat.com>
>
> Jason, I think this would even still qualify for QEMU v6.1?
Yes, easy one for 6.1.
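The commit message above describes two properties of an IPv4 fragmenter: a hard cap on how many fragments one packet may be split into (NET_MAX_FRAG_SG_LIST, 64), with anything larger discarded as a likely hostile packet, and the invariant that every fragment offset is a multiple of IP_FRAG_UNIT_SIZE, which the quoted assertion enforces. The following stand-alone C example, written for this page and not taken from QEMU's hw/net or net/eth.c code, shows both: it computes the fragment count from the payload length and MTU up front, rejects the packet before emitting anything if the cap would be exceeded, and checks the 8-byte alignment of every offset instead of asserting on it. The constant names mirror those in the commit message, but the values 64 and 8 and the 20-byte header length are assumptions for the example (8 is the RFC 791 fragment unit; 64 is the limit the message quotes); the function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Names follow the commit message; values are assumptions for this example,
 * not copied from QEMU's headers. */
#define NET_MAX_FRAG_SG_LIST 64   /* hard cap on fragments per packet */
#define IP_FRAG_UNIT_SIZE     8   /* RFC 791: offsets are in 8-byte units */
#define IPV4_HDR_LEN         20   /* header without options */
#define IPV4_MAX_TOTAL_LEN 65535  /* 16-bit total length field */

/* One emitted fragment of the original payload. */
struct frag {
    size_t offset;  /* byte offset into the payload, multiple of 8 */
    size_t len;     /* payload bytes carried by this fragment */
    bool   more;    /* MF flag: another fragment follows */
};

/* Payload bytes each fragment can carry at a given MTU, rounded down to the
 * fragment unit so every later offset stays 8-byte aligned. 0 if the MTU
 * cannot carry even one unit. */
size_t frag_payload_per_mtu(size_t mtu)
{
    if (mtu <= IPV4_HDR_LEN) return 0;
    size_t per = mtu - IPV4_HDR_LEN;
    return per - (per % IP_FRAG_UNIT_SIZE);
}

/* Split payload_len bytes into fragments of at most mtu bytes on the wire.
 * Returns the number of fragments written to out, or -1 when the packet is
 * discarded: MTU unusable, datagram too large for IPv4, or more than
 * max_frags pieces would be needed. The cap is checked before any fragment
 * is produced, so a hostile length never causes partial output. */
int ip4_fragment(size_t payload_len, size_t mtu, struct frag *out, size_t max_frags)
{
    size_t per = frag_payload_per_mtu(mtu);
    if (per == 0) return -1;
    if (payload_len > IPV4_MAX_TOTAL_LEN - IPV4_HDR_LEN) return -1;

    /* ceiling division; an empty payload still yields one fragment */
    size_t nfrags = payload_len == 0 ? 1 : (payload_len + per - 1) / per;
    if (nfrags > max_frags) return -1;   /* the "likely evil" case */

    size_t off = 0;
    for (size_t i = 0; i < nfrags; i++) {
        /* the invariant the quoted assertion checks, as a rejection instead */
        if (off % IP_FRAG_UNIT_SIZE != 0) return -1;
        size_t remaining = payload_len - off;
        out[i].offset = off;
        out[i].len    = remaining < per ? remaining : per;
        out[i].more   = (i + 1 < nfrags);
        off += out[i].len;
    }
    return (int)nfrags;
}

/* Encode the 16-bit flags/fragment-offset header field (RFC 791):
 * bit 13 is MF, the low 13 bits hold the offset in 8-byte units. */
uint16_t ip4_frag_field(const struct frag *f)
{
    uint16_t units = (uint16_t)(f->offset / IP_FRAG_UNIT_SIZE);
    return (uint16_t)((f->more ? 0x2000u : 0u) | units);
}

int main(void)
{
    struct frag frags[NET_MAX_FRAG_SG_LIST];
    /* constructed inputs: a 3000-byte payload at MTU 1500, and a payload
     * that would need 65 pieces at MTU 100 (80 payload bytes per fragment) */
    int n = ip4_fragment(3000, 1500, frags, NET_MAX_FRAG_SG_LIST);
    printf("3000 bytes @ MTU 1500 -> %d fragments\n", n);
    for (int i = 0; i < n; i++)
        printf("  off=%zu len=%zu field=0x%04x\n",
               frags[i].offset, frags[i].len, ip4_frag_field(&frags[i]));
    n = ip4_fragment(80 * NET_MAX_FRAG_SG_LIST + 1, 100, frags, NET_MAX_FRAG_SG_LIST);
    printf("5121 bytes @ MTU 100 -> %d (discarded)\n", n);
    return 0;
}
```

The point of computing nfrags before the loop is that the cap becomes a pre-condition on the input rather than something discovered mid-emission, which is the shape a fix like the one in hw/net/net_tx_pkt.c wants: a guest-controlled packet that would need more than 64 pieces is dropped whole, and no scatter-gather entries are written for it.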