Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.5854
CVE-2016-9776-qemut-net-mcf_fec-infinite-loop-w...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-9776-qemut-net-mcf_fec-infinite-loop-while-receiving-data-in-mcf_fec_receive.patch of Package xen.5854
References: bsc#1013657 CVE-2016-9776 ColdFire Fast Ethernet Controller uses a receive buffer size register(EMRBR) to hold maximum size of all receive buffers. It is set by a user before any operation. If it was set to be zero, ColdFire emulator would go into an infinite loop while receiving data in mcf_fec_receive. Add check to avoid it. Reported-by: Wjjzhang <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/net/mcf_fec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: xen-4.4.4-testing/tools/qemu-xen-traditional-dir-remote/hw/mcf_fec.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/mcf_fec.c +++ xen-4.4.4-testing/tools/qemu-xen-traditional-dir-remote/hw/mcf_fec.c @@ -340,7 +340,7 @@ static void mcf_fec_write(void *opaque, s->tx_descriptor = s->etdsr; break; case 0x188: - s->emrbr = value & 0x7f0; + s->emrbr = value > 0 ? value & 0x7F0 : 0x7F0; break; default: cpu_abort(cpu_single_env, "mcf_fec_write Bad address 0x%x\n",
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor