Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE

From:	P J P
Subject:	Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size
Date:	Wed, 21 Nov 2018 16:19:11 +0530 (IST)

 Hello Gerd,

+-- On Mon, 12 Nov 2018, Gerd Hoffmann wrote --+
| On Tue, Oct 30, 2018 at 09:23:40AM +0100, Gerd Hoffmann wrote:
| > Fixes: CVE-2018-???
| > Cc: P J P <address@hidden>
| 
| ping, do we have a cve number meanwhile?

No, the off-by-one does not seem to have an adverse effect. One byte past 
AR_TABLE[75] array would likely read into DR_TABLE[75] array, which would 
anyway be accessible to a driver. It does not seem to crash Qemu either. I 
think it's more of a bug fix, than security fix. Hope that's okay.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size, Gerd Hoffmann, 2018/11/12
- Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size, P J P <=
  - Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size, Gerd Hoffmann, 2018/11/21
- Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size, Thomas Huth, 2018/11/27

Prev by Date: Re: [Qemu-devel] [PATCH v2 2/9] cutils: Fix qemu_strtosz() & friends to reject non-finite sizes
Next by Date: Re: [Qemu-devel] [PATCH v2 5/9] test-string-input-visitor: Add more tests
Previous by thread: Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size
Next by thread: Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size
Index(es):
- Date
- Thread