From: | Max Reitz |
Subject: | Re: [Qemu-devel] [PATCH for-2.0 36/47] dmg: sanitize chunk length and sectorcount (CVE-2014-0145) |
Date: | Sat, 29 Mar 2014 00:11:19 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 |
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
Chunk length and sectorcount are used for decompression buffers as well as the bdrv_pread() count argument. Ensure that they have reasonable values so neither memory allocation nor conversion from uint64_t to int will cause problems.

Signed-off-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/dmg.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
Reviewed-by: Max Reitz <address@hidden>
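
The kind of check the commit message describes, as an added example that is not taken from the patch or from QEMU's code: two 64-bit fields read from an untrusted image are capped before one is narrowed to an int read count and the other sizes an output buffer. The struct, the function names, the 512-byte sector size and the 64 MiB cap are assumptions made for this illustration; the page does not show the limits the patch uses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this example only; the page does not state the patch's limits. */
#define EX_SECTOR_SIZE     512u
#define EX_MAX_CHUNK_BYTES (64u * 1024u * 1024u)                 /* cap on compressed length */
#define EX_MAX_SECTORS     (EX_MAX_CHUNK_BYTES / EX_SECTOR_SIZE) /* cap on uncompressed size */

/* One chunk-table entry as parsed from an untrusted image (hypothetical layout). */
struct ex_chunk {
    uint64_t length;      /* compressed bytes: later passed as an int read count */
    uint64_t sectorcount; /* uncompressed sectors: sizes the decompression buffer */
};

/*
 * Validate both fields while they are still 64-bit. Only on success are the
 * int-sized outputs written, so no caller ever sees a truncated value.
 */
bool ex_chunk_sizes_ok(const struct ex_chunk *c, int *read_count, int *out_bytes)
{
    if (c->length > EX_MAX_CHUNK_BYTES) {
        return false; /* would truncate when narrowed, or demand a huge buffer */
    }
    if (c->sectorcount > EX_MAX_SECTORS) {
        return false; /* sectorcount * 512 could wrap or exceed INT_MAX */
    }
    *read_count = (int)c->length;
    *out_bytes = (int)(c->sectorcount * EX_SECTOR_SIZE);
    return true;
}

/* What happens without the check: narrowing keeps only the low 32 bits. */
int ex_unchecked_count(uint64_t length)
{
    return (int)(uint32_t)length;
}

int main(void)
{
    struct ex_chunk bad = { 0x100000010ULL, 8 }; /* constructed: 4 GiB + 16 bytes */
    int rc = 0, ob = 0;

    printf("unchecked read count: %d\n", ex_unchecked_count(bad.length));
    printf("validated: %s\n", ex_chunk_sizes_ok(&bad, &rc, &ob) ? "accepted" : "rejected");
    return 0;
}
```
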