[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE
From: |
P J P |
Subject: |
Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size |
Date: |
Wed, 21 Nov 2018 16:19:11 +0530 (IST) |
Hello Gerd,
+-- On Mon, 12 Nov 2018, Gerd Hoffmann wrote --+
| On Tue, Oct 30, 2018 at 09:23:40AM +0100, Gerd Hoffmann wrote:
| > Fixes: CVE-2018-???
| > Cc: P J P <address@hidden>
|
| ping, do we have a cve number meanwhile?
No, the off-by-one does not seem to have an adverse effect. One byte past
AR_TABLE[75] array would likely read into DR_TABLE[75] array, which would
anyway be accessible to a driver. It does not seem to crash Qemu either. I
think it's more of a bug fix, than security fix. Hope that's okay.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F