Re: [Qemu-devel] [PATCH] qapi: change QmpInputVisitor to QSLIST
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] qapi: change QmpInputVisitor to QSLIST
Date: Thu, 7 Jul 2016 13:08:27 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1

On 07/07/2016 10:19, Markus Armbruster wrote:
> Actually, you should either prove that untrusted input still cannot make
> us allocate unbounded amounts of memory, or bring the limit right back.

This is not where untrusted input can be blocked from allocating
unbounded memory---that would be QmpOutputVisitor, which converts a
stream of visitor calls into a QObject.

The QmpInputVisitor's allocation depth is bounded by the number of
levels in the incoming QObject, so a QmpInputVisitor cannot allocate
more memory than whatever has been allocated already by QEMU.

In addition, QmpOutputVisitor allocates memory not just for the stack
but also a QObject for every *value*. So you can make QmpOutputVisitor
allocate unbounded memory even with a single huge QDict.

Paolo
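
A toy model of the bound argued in this message, as an added example that is not part of the original email and is not QEMU code: `Node`, `Frame`, `make_tree` and `input_peak_frames` are hypothetical names. Building a tree costs one allocation per value whatever its depth, while walking an existing tree with a linked stack never holds more frames than the tree has nesting levels.

```c
#include <stdlib.h>

/* Toy stand-ins (constructed, not QEMU types): a QObject-like tree node,
 * and one stack entry per node being visited, linked like a QSLIST. */
typedef struct Node { size_t nkids; struct Node *kids[]; } Node;
typedef struct Frame { const Node *obj; size_t next; struct Frame *below; } Frame;
size_t nodes_allocated;            /* what building the tree has cost */

Node *make_node(size_t nkids) {
    Node *n = calloc(1, sizeof(*n) + nkids * sizeof(n->kids[0]));
    if (!n) abort();
    n->nkids = nkids;
    nodes_allocated++;
    return n;
}

/* `levels` nesting levels; each container has `width` (>= 1) members and
 * only the first nests further. One node is allocated per value. */
Node *make_tree(size_t levels, size_t width) {
    Node *n = make_node(0);
    for (size_t i = 1; i < levels; i++) {
        Node *parent = make_node(width);
        parent->kids[0] = n;
        for (size_t k = 1; k < width; k++)
            parent->kids[k] = make_node(0);
        n = parent;
    }
    return n;
}

/* Walk a tree that already exists; return the peak number of frames held. */
size_t input_peak_frames(const Node *root) {
    size_t depth = 0, peak = 0;
    Frame *top = NULL;
    for (const Node *enter = root; enter || top; ) {
        if (enter) {                       /* descend: push one frame */
            Frame *f = malloc(sizeof(*f));
            if (!f) abort();
            *f = (Frame){ enter, 0, top };
            top = f;
            enter = NULL;
            if (++depth > peak) peak = depth;
        } else if (top->next < top->obj->nkids) {
            enter = top->obj->kids[top->next++];
        } else {                           /* node done: pop its frame */
            Frame *done = top;
            top = top->below;
            free(done); depth--;
        }
    }
    return peak;
}
```

A two-level tree with 1000 members costs 1001 node allocations to build but only two frames to walk, which is why a depth limit on the walking side does not cap memory use.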