[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2

From: Peter Maydell
Subject: Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation()
Date: Sun, 12 Apr 2020 21:57:58 +0100

On Sun, 12 Apr 2020 at 21:53, Philippe Mathieu-Daudé <address@hidden> wrote:
> "VMs using KVM" as security boundary is very clear, thanks.
> Note 1: This this doesn't appear on the QEMU security process
> description: https://www.qemu.org/contribute/security-process/

It's part of the list of how to decide whether an issue is
security sensitive:
 "Is QEMU used in conjunction with a hypervisor (as opposed
  to TCG binary translation)?"

We also document it in the user manuals now (a relatively
recent improvement):

> Note 2: If a reported bug is not in security boundary, it should be
> reported as a bug to mainstream QEMU, to give the community a chance to
> fix it.

Yes; bugs are still bugs.

-- PMM

reply via email to

[Prev in Thread] Current Thread [Next in Thread]