From: Anthony Liguori
Subject: [Qemu-devel] Re: [PATCH to consider for 0.12] vmware_vga: Don't crash on too-big DEFINE_CURSOR command
Date: Thu, 17 Dec 2009 16:34:26 -0600
User-agent: Thunderbird 2.0.0.23 (X11/20090825)

Hi Roland,

Roland Dreier wrote:
> Hi Anthony -- just sent this patch to qemu-devel (although I don't see it in archives yet). Anyway I realize it is really really late given your release timeframe but I think the risk of this is pretty minimal, and the patch fixes a crash in a pretty reasonable config (running a modern Linux distro with the fastest guest video adapter). So please consider this for 0.12. Another possibility would be to just take the part of the patch that bumps the array size in the structure, since that seems to have essentially 0 risk and fixes the crash in the case I've seen.

Thanks for the patch. I'm planning on giving Dave Airlie's series a try for 0.12.0. I'm pretty comfortable with those patches (since a few of them are mine :-)). I also don't think vmware-vga is going to be reliable without them so I don't think pulling in the one fix is good enough.
His last patch has the same fix without the printf(). The printf is probably something to avoid since a malicious guest could create a storm of them. Since libvirt logs stderr by default, the result could be pretty nasty.

Regards,
Anthony Liguori
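
The log-storm concern raised in the reply above, as an added example that is not part of the original thread or of QEMU's code: a guest-triggerable warning placed behind a per-window rate limit, so rejected commands are still dropped but stderr output stays bounded. All names and limits here (`CURSOR_MAX_DIM`, `LOG_BURST`, `log_limiter`, `cursor_define_ok`) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CURSOR_MAX_DIM  64u  /* assumed limit, not QEMU's actual value */
#define LOG_BURST       5u   /* lines allowed per window (assumption) */
#define LOG_WINDOW_SECS 1u   /* window length in seconds (assumption) */

struct log_limiter {
    uint64_t window_start;   /* second in which the current window began */
    unsigned emitted;        /* lines printed in this window */
    unsigned suppressed;     /* lines dropped in this window */
};

/* Allow at most LOG_BURST lines per window; summarise what was dropped. */
static bool log_allowed(struct log_limiter *l, uint64_t now)
{
    if (now - l->window_start >= LOG_WINDOW_SECS) {
        if (l->suppressed)
            fprintf(stderr, "(%u similar messages suppressed)\n", l->suppressed);
        l->window_start = now;
        l->emitted = l->suppressed = 0;
    }
    if (l->emitted < LOG_BURST) { l->emitted++; return true; }
    l->suppressed++;
    return false;
}

/* Reject oversized guest cursor dimensions; *logged counts lines written. */
static bool cursor_define_ok(struct log_limiter *l, uint64_t now,
                             uint32_t w, uint32_t h, unsigned *logged)
{
    if (w <= CURSOR_MAX_DIM && h <= CURSOR_MAX_DIM)
        return true;
    if (log_allowed(l, now)) {
        fprintf(stderr, "cursor %ux%u too big, command dropped\n",
                (unsigned)w, (unsigned)h);
        (*logged)++;
    }
    return false;   /* dropped whether or not the rejection was logged */
}

/* Constructed input: per_sec oversized commands in each of secs seconds. */
static unsigned simulate_storm(unsigned per_sec, unsigned secs)
{
    struct log_limiter lim = {0};
    unsigned logged = 0;
    for (unsigned s = 1; s <= secs; s++)
        for (unsigned i = 0; i < per_sec; i++)
            cursor_define_ok(&lim, s, 1024, 1024, &logged);
    return logged;
}
```

The clock value is passed in by the caller so the limiter can be exercised deterministically; a device model would supply its own monotonic time source.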