From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH 07/23] hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
Date: Tue, 3 Dec 2013 21:25:49 +0000

On 3 December 2013 21:19, Eric Blake <address@hidden> wrote:
> On 12/03/2013 01:59 PM, Peter Maydell wrote:
>
>>
>> If a QEMU with this patch sends data to a QEMU without it, then the
>> receiving end will think it should expect log_num array entries but the
>> sending end is going to send log_max of them. Conversely, an old->new
>> migration is going to send fewer array entries than the destination
>> expects. Or have I misinterpreted how the VARRAY entries work?
>
> If a qemu sends data larger than the field, the source side is already
> compromised.
Not if the reason it's sending data larger than the field is because
it's a non-compromised QEMU with this patch which makes it send
log_max entries regardless of log_num, surely?
-- PMM
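
The mismatch raised in this message, as an added example that is not QEMU code and not part of the thread: a toy one-byte-per-field stream in which one side sizes the array by log_max and the other by log_num. The stream layout, the TRAILER marker and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stream, NOT QEMU's vmstate format (assumed layout, one byte per field):
 *   [log_num][log_max][array entries ...][TRAILER = next field] */
enum { TRAILER = 0xEE, BUF_MAX = 64 };

/* Sender: a "patched" side (by_max != 0) writes log_max entries,
 * an "unpatched" side writes log_num entries. */
static size_t send_state(uint8_t *buf, uint8_t log_num, uint8_t log_max, int by_max)
{
    size_t n = 0, count = by_max ? log_max : log_num;
    buf[n++] = log_num;
    buf[n++] = log_max;
    for (size_t i = 0; i < count; i++)
        buf[n++] = (uint8_t)(0xA0 + i);   /* constructed entry payload */
    buf[n++] = TRAILER;
    return n;
}

/* Receiver: returns 0 when the field after the array is where it expects,
 * -1 on a bad count, a short stream, or a desynchronised stream. */
static int recv_state(const uint8_t *buf, size_t len, int by_max)
{
    if (len < 2) return -1;
    uint8_t log_num = buf[0], log_max = buf[1];
    if (log_num > log_max) return -1;          /* count must fit the buffer */
    size_t expect = by_max ? log_max : log_num;
    if (len - 2 < expect + 1) return -1;       /* fewer entries than expected */
    return buf[2 + expect] == TRAILER ? 0 : -1;
}

/* One migration between the given sender and receiver variants. */
static int migrate(int send_by_max, int recv_by_max, uint8_t log_num, uint8_t log_max)
{
    uint8_t buf[BUF_MAX];
    if ((size_t)log_max + 3 > BUF_MAX || log_num > log_max) return -1;
    return recv_state(buf, send_state(buf, log_num, log_max, send_by_max), recv_by_max);
}

int main(void)
{
    printf("new->old: %d\n", migrate(1, 0, 2, 4));
    printf("old->new: %d\n", migrate(0, 1, 2, 4));
    printf("new->new: %d\n", migrate(1, 1, 2, 4));
    return 0;
}
```

In this model both mixed-version directions fail without any malformed input, and they only succeed when log_num happens to equal log_max.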