On Fri, Oct 26, 2018 at 12:38:53PM +0530, P J P wrote:
> +-- On Thu, 25 Oct 2018, Daniel P. Berrangé wrote --+
> | On Thu, Oct 25, 2018 at 04:26:16PM +0530, P J P wrote:
> | > +-- On Thu, 25 Oct 2018, Gerd Hoffmann wrote --+
> | > | We have a lovely, guest-triggerable buffer overflow in opl2 emulation.
> | > |
> | > | Reproducer:
> | > | outw(0xff60, 0x220);
> | > | outw(0x1020, 0x220);
> | > | outw(0xffb0, 0x220);
> | > | Result:
> | > | Will overflow FM_OPL->AR_TABLE[] (see hw/audio/fmopl.[ch])
> | >
> | > + Reported-by: Wangjunqing <wangjunqing@xxxxxxxxxx>
> |
> | So you have a CVE number for this ?
>
> No, since the adlib device is not used as much and is being deprecated, I'm
> not inclined to get one.

Any security issue that affects code in QEMU that is currently being shipped
by distros should have a CVE. Whether we intend to deprecate & delete it later
should not be a factor because we are free to cancel the deprecation process
at any time if we find a reason to keep the feature around.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|