Re: [Qemu-devel] [PATCH 07/23] hw/pci/pcie_aer.c: fix buffer overruns on invalid state load

[Eric Blake]

On 12/03/2013 01:59 PM, Peter Maydell wrote:

> 
> If a QEMU with this patch sends data to a QEMU without it, then the
> receiving end will think it should expect log_num array entries but the
> sending end is going to send log_max of them. Conversely, an old->new
> migration is going to send fewer array entries than the destination
> expects. Or have I misinterpreted how the VARRAY entries work?

If a qemu sends data larger than the field, the source side is already
compromised.  All we care about is that the destination fails
gracefully, rather than acting on the bogus information from the
compromised source.  Versioning is only necessary for correct migration
data, and doesn't matter when the source is already compromised.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature