e1000: bounds packet size against buffer size
author Anthony Liguori <aliguori@us.ibm.com>
Mon, 23 Jan 2012 13:30:43 +0000 (07:30 -0600)
committer Justin M. Forbes <jforbes@redhat.com>
Mon, 23 Jan 2012 21:07:00 +0000 (15:07 -0600)
commit d0ed2d2e8e863a9a64c9fc9c08fa68bee546ad00
tree 775f3e3204a459ed0c84ef081a3357cfe483b043
parent 85a4ca797dbe25f27df0a66aa4df1cab63245cd3
e1000: bounds packet size against buffer size

Otherwise we can write beyond the buffer and corrupt memory.  This is tracked
as CVE-2012-0029.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
hw/e1000.c