The attached patch fixes a bug in the slirp memory management code. m_inc() is called during IP reassembly for IP datagrams greater than 4 KB, as arises with NFS. Currently the code assumes that realloc() always resizes the buffer without moving it; if the buffer is moved, the m_data pointer is left pointing to an invalid location. The bug causes qemu to crash when there is any significant amount of NFS traffic. The patch restores some commented-out code that updates m_data correctly.

--Ed
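The failure mode described in the message, as an added example that is not part of the original post or of slirp's source: a buffer grown with realloc() must rebuild any pointer into the old block from an offset saved before the call. `struct pktbuf` and the `pkt_*` functions are hypothetical stand-ins, not slirp's `struct mbuf` or `m_inc()`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified packet buffer; not slirp's struct mbuf. */
struct pktbuf {
    char  *buf;   /* start of the heap allocation */
    char  *data;  /* payload start, always points inside buf */
    size_t size;  /* bytes allocated at buf */
    size_t len;   /* valid payload bytes at data */
};

int pkt_init(struct pktbuf *p, size_t size, size_t headroom)
{
    if (headroom > size) return -1;
    p->buf = malloc(size);
    if (!p->buf) return -1;
    p->data = p->buf + headroom;
    p->size = size;
    p->len = 0;
    return 0;
}

/* Grow the allocation. realloc() may return a different address, so the
 * interior pointer is captured as an offset first and rebuilt afterwards. */
int pkt_grow(struct pktbuf *p, size_t new_size)
{
    size_t off = (size_t)(p->data - p->buf); /* taken while buf is valid */
    char *nbuf;
    if (new_size <= p->size) return 0;       /* never shrink below data */
    nbuf = realloc(p->buf, new_size);
    if (!nbuf) return -1;                    /* old block intact on failure */
    p->buf = nbuf;
    p->data = nbuf + off;   /* without this, data still aims at the old block */
    p->size = new_size;
    return 0;
}

/* Append a fragment, growing the buffer when the tail room is too small. */
int pkt_append(struct pktbuf *p, const void *src, size_t n)
{
    size_t used = (size_t)(p->data - p->buf) + p->len;
    if (n > SIZE_MAX - used) return -1;      /* size arithmetic would wrap */
    if (used + n > p->size && pkt_grow(p, used + n) != 0) return -1;
    memcpy(p->data + p->len, src, n);
    p->len += n;
    return 0;
}

void pkt_free(struct pktbuf *p) { free(p->buf); p->buf = p->data = NULL; }
```

Building a reassembly path like this with AddressSanitizer (`-fsanitize=address`) turns a missed pointer update into an immediate heap-use-after-free report instead of an intermittent crash under load.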