On Fri, May 31, 2024 at 5:20 PM Liam Merwick <liam.merwick@xxxxxxxxxx> wrote: > > + metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset); > > + if (memcmp(metadata->signature, "ASEV", 4) != 0) { > > + return; > > + } > > + > > + ovmf_sev_metadata_table = g_malloc(metadata->len); > > There should be a bounds check on metadata->len before using it. You mean like: if (metadata->len <= flash_size - data->offset) { ovmf_sev_metadata_table = g_memdup2(metadata, metadata->len); } ? Paolo