|
From: | David Marchand |
Subject: | Re: [Qemu-devel] Why I advise against using ivshmem |
Date: | Wed, 18 Jun 2014 16:57:02 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0 |
Hello Stefan, On 06/18/2014 12:48 PM, Stefan Hajnoczi wrote:
One more thing to add to the list: static void ivshmem_read(void *opaque, const uint8_t * buf, int flags) The "flags" argument should be "size". Size should be checked before accessing buf.
You are welcome to send a fix and I will review it.
Please also see the bug fixes in the following unapplied patch: "[PATCH] ivshmem: fix potential OOB r/w access (#2)" by Sebastian Krahmer https://lists.gnu.org/archive/html/qemu-devel/2014-04/msg03538.html
Thanks for the pointer. I'll check it. -- David Marchand
[Prev in Thread] | Current Thread | [Next in Thread] |