[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [CVE-2014-3615 PATCH v2 3/3] spice: make sure we don't
From: |
Gerd Hoffmann |
Subject: |
Re: [Qemu-stable] [CVE-2014-3615 PATCH v2 3/3] spice: make sure we don't overflow ssd->buf |
Date: |
Fri, 05 Sep 2014 11:33:20 +0200 |
On Fr, 2014-09-05 at 11:06 +0200, Laszlo Ersek wrote:
> > Makes sense. I think it is easier to just multiply in 64bit, then
> check
> > the result is small enougth (new patch attached).
>
> Okay, if you can guarantee that the product fits in uint64_t, then
> such
> a check would suffice.
>
> New patch has not been attached though :)
Oops. Here we go.
cheers,
Gerd
0001-spice-make-sure-we-don-t-overflow-ssd-buf.patch
Description: Text Data