On 16-08-2010 18:04, Eric Blake wrote:
>> So the size of the response datagram isn't sizeof(res) as the check in
>> uml_driver.c expects, but rather sizeof(res.error) + sizeof(res.extra) +
>> sizeof(res.length) + res.length.
> I agree with this analysis. In other words, the check should be more
> like this (two conditions - did we get enough bytes to even have a valid
> res.length, and did we get enough bytes to match with what res.length
> stated):
>
> if (nbytes < offsetof(struct monitor_request, data) ||
>     nbytes < res.length + offsetof(struct monitor_request, data))
>     incomplete reply

Yup, this looks good.

> But before I write such a patch, I'm going to look in more details at
> your other reply.

Let's just forget all about that one, shall we? Please? :)

-- 
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
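The two-condition check discussed in the message above, written out as an added example; it is not code from the thread or from libvirt. The field types, the 512-byte data capacity, the struct name `monitor_response` and the function `check_reply` are assumptions; only the field names come from the thread. The upper bound on `res.length` is an extra guard that goes beyond what the thread proposes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MONITOR_DATA_MAX 512   /* assumed payload capacity */

/* Assumed layout: only the field names appear in the thread. */
struct monitor_response {
    uint32_t error;
    uint32_t extra;
    uint32_t length;           /* bytes of data[] actually sent */
    char data[MONITOR_DATA_MAX];
};

enum reply_status { REPLY_OK, REPLY_SHORT_HEADER, REPLY_SHORT_DATA, REPLY_BAD_LENGTH };

/* Classify a datagram of nbytes bytes, nbytes being the receive call's return value. */
enum reply_status check_reply(const void *buf, long nbytes)
{
    const size_t hdr = offsetof(struct monitor_response, data);
    struct monitor_response res;

    /* 1. Enough bytes for res.length to be valid at all? Also rejects -1. */
    if (nbytes < 0 || (size_t)nbytes < hdr)
        return REPLY_SHORT_HEADER;
    memcpy(&res, buf, hdr);    /* copy the fixed header only */

    /* Added guard: a stated length larger than data[] can never be valid. */
    if (res.length > sizeof(res.data))
        return REPLY_BAD_LENGTH;

    /* 2. Enough bytes to match what res.length stated? */
    if ((size_t)nbytes < hdr + res.length)
        return REPLY_SHORT_DATA;
    return REPLY_OK;
}

int main(void)
{
    /* Constructed sample: a reply carrying 2 bytes of data. */
    struct monitor_response r = { 0, 0, 2, "OK" };
    long nbytes = (long)(offsetof(struct monitor_response, data) + r.length);

    printf("nbytes < sizeof res would reject it: %d\n", (size_t)nbytes < sizeof r);
    printf("check_reply: %d\n", check_reply(&r, nbytes));
    return 0;
}
```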