Sophie

kvm-83-270.el5_11.src.rpm

From 2091fb307cd979de3f1c0d041adfda2bb96460d3 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Wed, 23 Sep 2009 11:01:39 -0300
Subject: [PATCH] qemu/virtio-net: do not return stack pointer from function

RH-Author: Michael S. Tsirkin <mst@redhat.com>
Message-id: <20090922101220.GF2170@redhat.com>
Patchwork-id: 3490
O-Subject: Re: RHEL-5.5 KVM patch queue report - 2009-09-18
Bugzilla: 521829
RH-Acked-by: Juan Quintela <quintela@redhat.com>
RH-Acked-by: Mark McLoughlin <markmc@redhat.com>
RH-Acked-by: Avi Kivity <avi@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>

qemu/virtio-net: do not return stack pointer from function

virtio_net_flush_tx stores a pointer to the stack variable "elem" on the heap.
This leads to crashes when that pointer is later used.  Make it point to
tx_queue.elem instead, which has a copy of the same data.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

---

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 qemu/hw/virtio-net.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
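The bug class behind this patch (a pointer into a stack-resident struct stored in long-lived heap state, then dereferenced after the frame is gone) and the fix pattern (rebase the pointer onto the copied struct by its element offset) are shown below in a standalone C example. This is an added illustration, not QEMU code: the struct names `elem`, `tx_queue`, `sg_entry`, the functions `defer_tx_buggy`, `defer_tx_fixed`, `tx_queue_sg_is_internal` and `flush_tx_simulated`, and the constructed scatter-gather data are all hypothetical, modelled loosely on the shapes visible in the hunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified shapes modelled on the patch; not QEMU's real types. */
#define SG_MAX 8

struct sg_entry { void *base; size_t len; };

struct elem {                 /* stands in for VirtQueueElement */
    unsigned index;
    unsigned out_num;
    struct sg_entry out_sg[SG_MAX];
};

struct tx_queue {             /* heap-resident deferred-tx state, like n->tx_queue */
    struct elem elem;         /* a by-value copy of the element */
    size_t len;
    struct sg_entry *out_sg;  /* must point into this->elem.out_sg, not a stack copy */
    unsigned out_num;
};

/* Does q->out_sg point inside q->elem.out_sg[0 .. out_num)?  Compared as
 * integers so the check is well defined even if the pointer targets some
 * other (possibly dead) object. */
int tx_queue_sg_is_internal(const struct tx_queue *q)
{
    uintptr_t p  = (uintptr_t)q->out_sg;
    uintptr_t lo = (uintptr_t)&q->elem.out_sg[0];
    uintptr_t hi = (uintptr_t)&q->elem.out_sg[q->elem.out_num];
    return p >= lo && p < hi;
}

/* Buggy pattern (the '-' line of the hunk): remember a pointer into the
 * caller's stack-resident elem.  It dangles as soon as the caller returns. */
static void defer_tx_buggy(struct tx_queue *q, const struct elem *elem,
                           struct sg_entry *out_sg, unsigned out_num, size_t len)
{
    q->elem = *elem;
    q->len = len;
    q->out_sg = out_sg;
    q->out_num = out_num;
}

/* Fixed pattern (the '+' line of the hunk): the copy q->elem is already in
 * place, so re-express the pointer as the same index into the copied array. */
static void defer_tx_fixed(struct tx_queue *q, const struct elem *elem,
                           struct sg_entry *out_sg, unsigned out_num, size_t len)
{
    q->elem = *elem;
    q->len = len;
    q->out_sg = &q->elem.out_sg[out_sg - elem->out_sg];
    q->out_num = out_num;
}

/* Simulates a flush that must defer one packet.  The element lives on this
 * function's stack, like "elem" in virtio_net_flush_tx; the first sg entry is
 * skipped so out_sg is an interior pointer, not the array base.  Returns 1 if
 * the stored pointer lands inside the heap copy, 0 if it points at the stack. */
int flush_tx_simulated(struct tx_queue *q, int use_fix)
{
    static char hdr[10], payload[64], tail[4];          /* constructed buffers */
    struct elem elem = { .index = 1, .out_num = 3 };    /* stack-resident */
    elem.out_sg[0] = (struct sg_entry){ hdr, sizeof hdr };
    elem.out_sg[1] = (struct sg_entry){ payload, sizeof payload };
    elem.out_sg[2] = (struct sg_entry){ tail, sizeof tail };

    struct sg_entry *out_sg = elem.out_sg + 1;          /* skip the header entry */
    unsigned out_num = elem.out_num - 1;
    size_t len = out_sg[0].len + out_sg[1].len;         /* 64 + 4 = 68 */

    if (use_fix)
        defer_tx_fixed(q, &elem, out_sg, out_num, len);
    else
        defer_tx_buggy(q, &elem, out_sg, out_num, len);
    return tx_queue_sg_is_internal(q);
}

int main(void)
{
    struct tx_queue *q = calloc(1, sizeof *q);
    if (!q) return 1;
    printf("buggy: pointer inside heap copy? %d\n", flush_tx_simulated(q, 0));
    printf("fixed: pointer inside heap copy? %d\n", flush_tx_simulated(q, 1));
    printf("fixed: index %td, out_num %u, len %zu\n",
           q->out_sg - q->elem.out_sg, q->out_num, q->len);
    free(q);
    return 0;
}
```

The check never dereferences the stored pointer; it only asks whether the pointer falls within the copied struct, which is the property the patch restores. A reviewer can run the same kind of assertion at the point where the deferred pointer is later consumed to catch a regression early rather than as a crash.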

diff --git a/qemu/hw/virtio-net.c b/qemu/hw/virtio-net.c
index be8ba6d..5d63547 100644
--- a/qemu/hw/virtio-net.c
+++ b/qemu/hw/virtio-net.c
@@ -377,7 +377,7 @@ static int virtio_net_flush_tx(VirtIONet *n, VirtQueue *vq, int enable_notify)
             virtio_queue_set_notification(n->tx_vq, 0);
             n->tx_queue.elem = elem;
             n->tx_queue.len = len;
-            n->tx_queue.out_sg = out_sg;
+            n->tx_queue.out_sg = &n->tx_queue.elem.out_sg[out_sg - elem.out_sg];
             n->tx_queue.out_num = out_num;
             return num_packets;
         }
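Review bot: the rebased pointer on the `+` line, `&n->tx_queue.elem.out_sg[out_sg - elem.out_sg]`, is only valid if out_sg points into elem.out_sg so that the difference is a small non-negative index; nothing in this hunk shows where out_sg came from, so a one-line comment stating that invariant, or an `assert(out_sg >= elem.out_sg)` just before the assignment, would document the intent and catch a regression if out_sg were ever taken from a different array. The new line also depends on `n->tx_queue.elem = elem;` two lines above having already copied the element; that ordering should be kept (or noted) so a later reshuffle does not reintroduce a pointer into a not-yet-filled copy.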
-- 
1.6.3.rc4.29.g8146