qemu-devel

Re: [Qemu-devel] [security bug]code_gen_buffer can be overflowed


From: Blue Swirl
Subject: Re: [Qemu-devel] [security bug]code_gen_buffer can be overflowed
Date: Fri, 30 Nov 2007 18:04:29 +0200

On 11/28/07, TeLeMan <address@hidden> wrote:
>
> dyngen_code() can generate more than CODE_GEN_MAX_SIZE bytes, code_gen_buffer
> can be overflowed. I hope this security bug will be fixed soon.

Thank you for the analysis. It's true that cpu_gen_code does not pass
CODE_GEN_MAX_SIZE (65536) on to gen_intermediate_code and that should
be fixed. But gen_intermediate_code can only add OPC_MAX_SIZE (512 -
32) instructions more, so there is no security bug.
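
The two bounds discussed in this message, as an added toy model (not QEMU code and not from either poster): a caller-side headroom check derived from the op-count cap, and an emitter that is handed the buffer limit and tests it before every copy. All `toy_` names, the sizes and the per-op byte maximum are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy values, not QEMU's; only the structure of the check matters. */
#define TOY_BUF_SIZE     256  /* stands in for CODE_GEN_MAX_SIZE */
#define TOY_MAX_OPS      8    /* stands in for OPC_MAX_SIZE */
#define TOY_MAX_OP_BYTES 16   /* assumed worst-case host bytes per op */

struct toy_op { uint8_t len; uint8_t bytes[TOY_MAX_OP_BYTES]; };
/* Most bytes one block can emit: the headroom an op-count-only bound relies on. */
static size_t toy_block_worst_case(void) { return (size_t)TOY_MAX_OPS * TOY_MAX_OP_BYTES; }

/* Caller-side check: start a block only if its worst case still fits. */
static int toy_can_start_block(size_t used, size_t limit)
{
    return used <= limit && limit - used >= toy_block_worst_case();
}

/* Emitter-side check: the limit is passed in and tested before every copy.
 * Returns bytes written, or -1 on any violation; never writes at or past limit. */
static long toy_emit_block(uint8_t *buf, size_t used, size_t limit,
                           const struct toy_op *ops, size_t n)
{
    size_t pos = used;
    if (used > limit || n > TOY_MAX_OPS) return -1;
    for (size_t i = 0; i < n; i++) {
        size_t len = ops[i].len;
        if (len > TOY_MAX_OP_BYTES || len > limit - pos) return -1;
        memcpy(buf + pos, ops[i].bytes, len);
        pos += len;
    }
    return (long)(pos - used);
}

/* Constructed demo: n ops of op_len bytes at offset used; returns -2 if the
 * guard byte placed just after the buffer was overwritten. */
static long toy_demo(size_t used, size_t n, uint8_t op_len)
{
    static uint8_t buf[TOY_BUF_SIZE + 1];
    struct toy_op ops[TOY_MAX_OPS];
    memset(ops, 0x90, sizeof ops);
    for (size_t i = 0; i < TOY_MAX_OPS; i++) ops[i].len = op_len;
    buf[TOY_BUF_SIZE] = 0xA5;
    long r = toy_emit_block(buf, used, TOY_BUF_SIZE, ops, n);
    return buf[TOY_BUF_SIZE] == 0xA5 ? r : -2;
}
int main(void) { printf("%d %ld %ld\n", toy_can_start_block(128, TOY_BUF_SIZE), toy_demo(0, 8, 16), toy_demo(200, 8, 16)); return 0; }
```

With only the op-count cap, safety depends on the caller keeping `toy_block_worst_case()` bytes free; with the limit passed down, an oversized block is rejected at the copy itself.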



