[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH for-2.9] nbd/client: fix drop_sync [CVE-2017-263
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH for-2.9] nbd/client: fix drop_sync [CVE-2017-2630] |
Date: |
Tue, 7 Mar 2017 09:15:34 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 |
On 03/06/2017 04:30 PM, Eric Blake wrote:
> From: Vladimir Sementsov-Ogievskiy <address@hidden>
>
> Comparison symbol is misused. It may lead to memory corruption.
> Introduced in commit 7d3123e.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
> Message-Id: <address@hidden>
> [eblake: add CVE details]
> Signed-off-by: Eric Blake <address@hidden>
> Reviewed-by: Marc-André Lureau <address@hidden>
Blergh. This R-b isn't correct.
Sending v2 with fixed attributions, and with >= instead of >.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature