From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 48/56] json: Enforce token count and size limits more tightly
Date: Thu, 16 Aug 2018 08:22:18 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 08/08/2018 07:03 AM, Markus Armbruster wrote:
> Token count and size limits exist to guard against excessive heap usage. We check them only after we created the token on the heap. That's assigning a cowboy to the barn to lasso the horse after it has bolted. Close the barn door instead: check before we create the token.

Love the imagery.

> Signed-off-by: Markus Armbruster <address@hidden>
> ---
>  qobject/json-streamer.c | 36 ++++++++++++++++++------------------
>  1 file changed, 18 insertions(+), 18 deletions(-)

Reviewed-by: Eric Blake <address@hidden>

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
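
An added sketch of the check-before-allocate ordering that the quoted commit message describes. It is not part of this thread or of QEMU's json-streamer.c; the TokenStream type, the function names and the two tiny limits are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits, kept tiny for the demo; not QEMU's values. */
#define MAX_TOKEN_COUNT 4
#define MAX_TOKEN_BYTES 32

typedef struct Token { struct Token *next; char text[]; } Token;
typedef struct {
    Token *head, **tail;
    size_t count, bytes;   /* queued tokens and their total text size */
    size_t allocations;    /* tokens that actually reached the heap */
} TokenStream;

void stream_init(TokenStream *s) {
    memset(s, 0, sizeof(*s));
    s->tail = &s->head;
}

/* Queue one token. Returns 0 on success, -1 if a limit or malloc refuses. */
int stream_push(TokenStream *s, const char *text, size_t len) {
    /* Check limits first. bytes <= MAX_TOKEN_BYTES always holds, so the
     * subtraction cannot wrap, unlike "bytes + len > MAX_TOKEN_BYTES". */
    if (s->count >= MAX_TOKEN_COUNT || len > MAX_TOKEN_BYTES - s->bytes)
        return -1;                      /* rejected with no heap use */
    Token *t = malloc(sizeof(*t) + len + 1);
    if (!t) return -1;
    s->allocations++;
    memcpy(t->text, text, len);
    t->text[len] = '\0';
    t->next = NULL;
    *s->tail = t;
    s->tail = &t->next;
    s->count++;
    s->bytes += len;
    return 0;
}

/* Free every queued token and start over. */
void stream_reset(TokenStream *s) {
    for (Token *t = s->head, *n; t; t = n) { n = t->next; free(t); }
    stream_init(s);
}

int main(void) {
    TokenStream s; stream_init(&s);
    int ok = stream_push(&s, "{", 1), big = stream_push(&s, "x", 1000);
    printf("ok=%d big=%d allocations=%zu\n", ok, big, s.allocations);
    stream_reset(&s); return 0;
}
```

The oversized push in main() is refused before malloc() runs, so the allocation counter stays at 1.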