[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE
From: |
Gerd Hoffmann |
Subject: |
Re: [Qemu-devel] [PATCH] fmops: fix off-by-one in AR_TABLE and DR_TABLE array size |
Date: |
Wed, 21 Nov 2018 14:07:43 +0100 |
User-agent: |
NeoMutt/20180716 |
On Wed, Nov 21, 2018 at 04:19:11PM +0530, P J P wrote:
> Hello Gerd,
>
> +-- On Mon, 12 Nov 2018, Gerd Hoffmann wrote --+
> | On Tue, Oct 30, 2018 at 09:23:40AM +0100, Gerd Hoffmann wrote:
> | > Fixes: CVE-2018-???
> | > Cc: P J P <address@hidden>
> |
> | ping, do we have a cve number meanwhile?
>
> No, the off-by-one does not seem to have an adverse effect. One byte past
> AR_TABLE[75] array would likely read into DR_TABLE[75] array, which would
> anyway be accessible to a driver. It does not seem to crash Qemu either. I
> think it's more of a bug fix, than security fix. Hope that's okay.
Ok, makes sense, I'll drop the cve line then and queue the patch.
cheers,
Gerd