qemu-devel
Re: [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same co


From: Qinghao Tang
Subject: Re: [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same command block
Date: Fri, 20 Nov 2015 10:43:02 +0800

Currently what problem do you have? Perhaps I could provide more support.
And please give this vulnerability a CVE ID.
Thanks!

2015-11-04 11:31 GMT+08:00 Jason Wang <address@hidden>:


On 11/04/2015 02:49 AM, P J P wrote:
> +-- On Tue, 20 Oct 2015, Jason Wang wrote --+
> | Can this survive if we had a chain like?
> | A->B->A
>
>   No, current patch wouldn't cope with it. Though I wonder if such a loop is
> possible?

Just wondering.

Tx.link is uint32_t, but any chance s->cu_base + s->cu_offset can result
in an integer overflow?

>
> | If not, looks like we need to limit the maximum number of commands in a
> | chain? (e.g. 256)
>
>   Okay, I'll update the patch.
>
> @max, @Qinghao: did you have a chance to test the current patch? (just checking)
>
>
> Thank you.
> --
>  - P J P
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>
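
The two concerns raised in this thread, a cycle such as A->B->A and a wrapping `s->cu_base + s->cu_offset`, shown as an added example that is not code from the patch, from QEMU, or from any participant. The memory layout (link field at the start of each block), the `END_OF_LIST` marker and the function names are assumptions; the cap of 256 is the value suggested above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CMDS    256          /* chain cap proposed in the thread */
#define END_OF_LIST 0xFFFFFFFFu  /* constructed end marker (assumption) */
enum { WALK_TOO_LONG = -1, WALK_BAD_ADDR = -2 };

/* Read the 32-bit link of the block at base + offset (assumed layout).
 * The sum is formed in 64 bits so a 32-bit wraparound is rejected. */
static int read_link(const uint8_t *mem, size_t mem_size,
                     uint32_t base, uint32_t offset, uint32_t *link)
{
    uint64_t addr = (uint64_t)base + offset;
    if (addr > UINT32_MAX || addr + sizeof(*link) > mem_size)
        return WALK_BAD_ADDR;
    memcpy(link, mem + addr, sizeof(*link));
    return 0;
}

/* Return the number of blocks visited or a negative error. The counter
 * bounds a self-link (A->A) and a longer cycle (A->B->A) alike. */
int walk_chain(const uint8_t *mem, size_t mem_size,
               uint32_t base, uint32_t offset)
{
    int n = 0;
    while (offset != END_OF_LIST) {
        uint32_t link;
        if (n >= MAX_CMDS)
            return WALK_TOO_LONG;
        int rc = read_link(mem, mem_size, base, offset, &link);
        if (rc < 0)
            return rc;
        n++;
        offset = link;
    }
    return n;
}

int main(void)
{
    uint8_t mem[16] = {0};               /* constructed guest memory */
    uint32_t a = 8, b = 0;               /* A (at 0) -> B (at 8) -> A */
    memcpy(mem + 0, &a, sizeof(a));
    memcpy(mem + 8, &b, sizeof(b));
    printf("A->B->A: %d\n", walk_chain(mem, sizeof(mem), 0, 0));
    return 0;
}
```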


