From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1FaOW5-00059m-4H
	for qemu-devel@nongnu.org; Sun, 30 Apr 2006 22:52:05 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1FaOW1-00055n-CQ
	for qemu-devel@nongnu.org; Sun, 30 Apr 2006 22:52:02 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1FaOW1-00055Z-4X
	for qemu-devel@nongnu.org; Sun, 30 Apr 2006 22:52:01 -0400
Received: from [64.233.162.201] (helo=nz-out-0102.google.com)
	by monty-python.gnu.org with esmtp (Exim 4.52) id 1FaOZj-00074k-OY
	for qemu-devel@nongnu.org; Sun, 30 Apr 2006 22:55:51 -0400
Received: by nz-out-0102.google.com with SMTP id 14so2647416nzn
	for <qemu-devel@nongnu.org>; Sun, 30 Apr 2006 19:52:00 -0700 (PDT)
Message-ID: <c1bf1cf0604301952x3c1ae8aaj4afe4f1243b1441b@mail.gmail.com>
Date: Sun, 30 Apr 2006 19:52:00 -0700
From: "Ed Swierk" <eswierk@arastra.com>
Sender: eswierk@gmail.com
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_Part_8712_28014408.1146451920514"
Subject: [Qemu-devel] [PATCH] Fix crash due to incorrect pointer logic in
	slirp/ip_input.c
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

------=_Part_8712_28014408.1146451920514
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
Content-Disposition: inline

QW5vdGhlciBtZW1vcnkgbWFuYWdlbWVudCBidWcgaW4gdGhlIHNsaXJwIGNvZGUgY2F1c2VzIHFl
bXUgdG8gY3Jhc2gKd2hpbGUgYXR0ZW1wdGluZyB0byByZWFzc2VtYmxlIGEgZnJhZ21lbnRlZCBJ
UCBwYWNrZXQuIFdoaWxlIGl0ZXJhdGluZwp0aHJvdWdoIGEgbGlzdCBvZiBidWZmZXJzLCBpZiBt
X2NhdCgpIG1vdmVzIHRoZSBjdXJyZW50IGJ1ZmZlciwgdGhlCnBvaW50ZXIgdG8gdGhlIG5leHQg
YnVmZmVyIGlzIHJlYWQgZnJvbSBhbiBpbnZhbGlkIGxvY2F0aW9uLgoKVGhlIGF0dGFjaGVkIHBh
dGNoIHNpbXBseSByZWFkcyB0aGUgbmV4dCBidWZmZXIgcG9pbnRlciBiZWZvcmUgY2FsbGluZwpt
X2NhdCgpLiBJbmNpZGVudGFsbHksIHRoaXMgaXMgYWxzbyB0aGUgZml4IGFkb3B0ZWQgaW4gdGhl
IEJTRApuZXR3b3JraW5nIHN0YWNrLCBmcm9tIHdoaWNoIHNsaXJwIHdhcyBvcmlnaW5hbGx5IGRl
cml2ZWQuCgotLUVkCg==
------=_Part_8712_28014408.1146451920514
Content-Type: text/x-patch; name=qemu-slirp-reassembly-bug.patch;
	charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Attachment-Id: f_emo7uve4
Content-Disposition: attachment; filename="qemu-slirp-reassembly-bug.patch"

diff -BurN qemu-snapshot-2006-03-27_23.orig/slirp/ip_input.c qemu-snapshot-2006-03-27_23/slirp/ip_input.c
--- qemu-snapshot-2006-03-27_23.orig/slirp/ip_input.c	2004-04-22 00:10:47.000000000 +0000
+++ qemu-snapshot-2006-03-27_23/slirp/ip_input.c	2006-04-06 06:02:52.000000000 +0000
@@ -344,8 +344,8 @@
 	while (q != (struct ipasfrag *)fp) {
 	  struct mbuf *t;
 	  t = dtom(q);
-	  m_cat(m, t);
 	  q = (struct ipasfrag *) q->ipf_next;
+	  m_cat(m, t);
 	}
 
 	/*

------=_Part_8712_28014408.1146451920514--