Ed Swierk wrote:
In several places in qemu's slirp code, signed and unsigned ints are
used interchangeably when dealing with IP packet lengths and offsets.
This causes IP packets greater than 32K in length to be scrambled in
various interesting ways that are extremely difficult to troubleshoot.

Although large IP packets are fairly rare in practice, certain
UDP-based protocols like NFS use them extensively.

The attached patch wraps IP packet lengths and offsets in macros that
ensure they are always properly treated as unsigned values.

Why not change the definition itself to uint16_t and verify each occurrence of ip_off and ip_len?

Fabrice.


_______________________________________________
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
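The following is an added illustration, not code from the patch, from slirp, or from either poster, of the failure mode the thread discusses: a 16-bit IP length or offset field read through a signed type. It assumes, as the original report describes, that slirp's struct ip at the time declared ip_len and ip_off as int16_t; the IP_OFFMASK constant and the "shift the fragment offset left by 3 to get bytes" step follow the BSD ip_input reassembly convention, and the function names are my own. Two things go wrong once a value exceeds 32767: a total length above 32K reads as negative, so a header-length sanity check drops the packet, and a reassembly byte offset above 32K sorts before offset 0 in an ordered fragment queue.

```c
#include <stdint.h>
#include <stdio.h>

/* Low 13 bits of ip_off carry the fragment offset in 8-byte units (BSD/RFC 791). */
#define IP_OFFMASK 0x1fff

/*
 * Assumption: ip_len / ip_off are modelled as int16_t (the signed storage the
 * original post complains about); the *_unsigned variants use uint16_t, which
 * is what Fabrice suggests changing the struct definition to.
 */

/* Payload length = total length - header length. */
int payload_len_signed(uint16_t wire_len, int hlen)
{
    int16_t ip_len = (int16_t)wire_len;   /* 40000 becomes -25536 */
    return ip_len - hlen;
}

int payload_len_unsigned(uint16_t wire_len, int hlen)
{
    uint16_t ip_len = wire_len;
    return (int)ip_len - hlen;
}

/* ip_input-style check: "total length shorter than header -> drop".
 * Returns 1 if the packet would be dropped. */
int dropped_signed(uint16_t wire_len, int hlen)
{
    int16_t ip_len = (int16_t)wire_len;
    return ip_len < hlen;                 /* true for every length > 32767 */
}

int dropped_unsigned(uint16_t wire_len, int hlen)
{
    uint16_t ip_len = wire_len;
    return ip_len < hlen;
}

/* Reassembly converts the 8-byte-unit offset to a byte offset in place
 * (BSD: ip->ip_off <<= 3). In a 16-bit signed field, byte offsets >= 32768
 * wrap negative. */
int byte_offset_signed(uint16_t wire_off)
{
    int16_t ip_off = (int16_t)wire_off;
    ip_off &= IP_OFFMASK;
    ip_off = (int16_t)(ip_off << 3);      /* 4100 units -> 32800 -> -32736 */
    return ip_off;
}

int byte_offset_unsigned(uint16_t wire_off)
{
    uint16_t ip_off = wire_off & IP_OFFMASK;
    ip_off <<= 3;                         /* 4100 units -> 32800 */
    return ip_off;
}

/* Insertion loop `while (q->ipf_off < ip->ip_off)`: does fragment b sort
 * ahead of fragment a? Returns 1 if so. */
int sorts_before_signed(uint16_t off_a, uint16_t off_b)
{
    return byte_offset_signed(off_b) < byte_offset_signed(off_a);
}

int sorts_before_unsigned(uint16_t off_a, uint16_t off_b)
{
    return byte_offset_unsigned(off_b) < byte_offset_unsigned(off_a);
}

int main(void)
{
    /* Constructed inputs: a 1500-byte datagram (fine either way), a
     * 40000-byte NFS-sized datagram, and a fragment at 8-byte offset 4100. */
    uint16_t lens[] = { 1500, 40000 };
    int hlen = 20;
    for (int i = 0; i < 2; i++) {
        printf("ip_len=%5u  payload(signed)=%6d  payload(unsigned)=%6d  "
               "dropped(signed)=%d dropped(unsigned)=%d\n",
               lens[i],
               payload_len_signed(lens[i], hlen), payload_len_unsigned(lens[i], hlen),
               dropped_signed(lens[i], hlen), dropped_unsigned(lens[i], hlen));
    }
    printf("frag 4100 units: bytes(signed)=%d bytes(unsigned)=%d  "
           "sorts before offset 0: signed=%d unsigned=%d\n",
           byte_offset_signed(4100), byte_offset_unsigned(4100),
           sorts_before_signed(0, 4100), sorts_before_unsigned(0, 4100));
    return 0;
}
```

Every comparison and subtraction involving the field is a separate place the sign can leak in, which is why the fix has to cover each use of ip_len and ip_off rather than a single site; whether that is done by wrapper macros at every use or by changing the field type and re-auditing each occurrence is exactly the question raised in the reply.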