diff options
| author | Juergen Lock <nox@FreeBSD.org> | 2007-04-09 20:24:44 +0000 |
|---|---|---|
| committer | Juergen Lock <nox@FreeBSD.org> | 2007-04-09 20:24:44 +0000 |
| commit | f3cb5f8aa1a93004879b1e0845f9fd92cba5c1de (patch) | |
| tree | 5e802404d1c856d4f66e659c7dc724d88db1d7e1 /emulators | |
| parent | 3ff5f205243cc1df0eefef641ba49eff1c83296a (diff) | |
| download | ports-f3cb5f8aa1a93004879b1e0845f9fd92cba5c1de.tar.gz ports-f3cb5f8aa1a93004879b1e0845f9fd92cba5c1de.zip | |
Notes
Diffstat (limited to 'emulators')
| -rw-r--r-- | emulators/qemu-devel/Makefile | 1 | ||||
| -rw-r--r-- | emulators/qemu-devel/files/patch-hw-eepro100.c | 50 |
2 files changed, 51 insertions, 0 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile index baa8fe6f94a3..7257be443a18 100644 --- a/emulators/qemu-devel/Makefile +++ b/emulators/qemu-devel/Makefile @@ -7,6 +7,7 @@ PORTNAME= qemu PORTVERSION= 0.9.0s.20070405 +PORTREVISION= 1 CATEGORIES= emulators MASTER_SITES= http://qemu.org/:release \ http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \ diff --git a/emulators/qemu-devel/files/patch-hw-eepro100.c b/emulators/qemu-devel/files/patch-hw-eepro100.c new file mode 100644 index 000000000000..79337757bde1 --- /dev/null +++ b/emulators/qemu-devel/files/patch-hw-eepro100.c @@ -0,0 +1,50 @@ +Index: qemu/hw/eepro100.c +@@ -729,6 +729,7 @@ + logout + ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n", + tx_buffer_address, tx_buffer_size); ++ assert(size + tx_buffer_size <= sizeof(buf)); + cpu_physical_memory_read(tx_buffer_address, &buf[size], + tx_buffer_size); + size += tx_buffer_size; +@@ -749,9 +750,13 @@ + logout + ("TBD (extended mode): buffer address 0x%08x, size 0x%04x\n", + tx_buffer_address, tx_buffer_size); +- cpu_physical_memory_read(tx_buffer_address, &buf[size], +- tx_buffer_size); +- size += tx_buffer_size; ++ if (size + tx_buffer_size > sizeof(buf)) { ++ logout("bad extended TCB with size 0x%04x\n", tx_buffer_size); ++ } else { ++ cpu_physical_memory_read(tx_buffer_address, &buf[size], ++ tx_buffer_size); ++ size += tx_buffer_size; ++ } + if (tx_buffer_el & 1) { + break; + } +@@ -766,14 +771,20 @@ + logout + ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n", + tx_buffer_address, tx_buffer_size); +- cpu_physical_memory_read(tx_buffer_address, &buf[size], +- tx_buffer_size); +- size += tx_buffer_size; ++ if (size + tx_buffer_size > sizeof(buf)) { ++ logout("bad flexible TCB with size 0x%04x\n", tx_buffer_size); ++ } else { ++ cpu_physical_memory_read(tx_buffer_address, &buf[size], ++ tx_buffer_size); ++ size += tx_buffer_size; ++ } + if (tx_buffer_el & 1) { + break; + } + } + } ++ logout("%p sending frame, len=%d,%s\n", s, size, nic_dump(buf, size)); ++ assert(size <= sizeof(buf)); + qemu_send_packet(s->vc, buf, size); + s->statistics.tx_good_frames++; + /* Transmit with bad status would raise an CX/TNO interrupt. |