On 08/19/2010 02:47 PM, Matthias Bolte wrote:
> 2010/8/19 Eric Blake <eblake@xxxxxxxxxx>:
>> * src/uml/uml_driver.c (umlMonitorCommand): Validate that enough
>> bytes were read to dereference both res.length, and that many
>> bytes from res.data.
>> Reported by Soren Hansen.
>> ---
>> - if (nbytes < sizeof res) {
>> + if (nbytes < offsetof(struct monitor_request, data) ||
>> + nbytes < res.length + offsetof(struct monitor_request, data)) {
>
> You could reverse the order to
>
> nbytes < offsetof(struct monitor_request, data) + res.length
>
> to be in line with the layout of the data, but that's just me nit-picking here.
Sure, why not.
>
> ACK.
Done, and pushed.
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list