diff options
| author | Stephen Longfield <slongfield@google.com> | 2022-12-21 10:32:02 -0800 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2023-01-05 15:33:00 +0000 |
| commit | 93c9678de9dc7d2e68f9e8477da072bac30ef132 (patch) | |
| tree | 1b4d1babf6241651dc60fac8db7d4e4266000728 /qemu-keymap.c | |
| parent | c73c2798304916a27c21157bbc24acccdeb3c5e2 (diff) | |
| download | qemu-93c9678de9dc7d2e68f9e8477da072bac30ef132.zip qemu-93c9678de9dc7d2e68f9e8477da072bac30ef132.tar.gz qemu-93c9678de9dc7d2e68f9e8477da072bac30ef132.tar.bz2 | |
hw/net: Fix read of uninitialized memory in imx_fec.
Size is used at lines 1088/1188 for the loop, which reads the last 4
bytes from the crc_ptr so it does need to get increased, however it
shouldn't be increased before the buffer is passed to CRC computation,
or the crc32 function will access uninitialized memory.
This was pointed out to me by clg@kaod.org during the code review of
a similar patch to hw/net/ftgmac100.c
Change-Id: Ib0464303b191af1e28abeb2f5105eb25aadb5e9b
Signed-off-by: Stephen Longfield <slongfield@google.com>
Reviewed-by: Patrick Venture <venture@google.com>
Message-id: 20221221183202.3788132-1-slongfield@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qemu-keymap.c')
0 files changed, 0 insertions, 0 deletions