On Tue, Jul 17, 2012 at 05:56:46PM +0200, Marc-André Lureau wrote:
> this is not yet a buffer overflow proof, but you are getting closer perhaps.

For this kind of stuff, I prefer to err on the "there's a buffer overflow unless proven otherwise", it's too dangerous to make the opposite assumption.

> > So what we are trusting here is an arbitrary value provided by the guest
> > system?
>
> Yes, no further checks after that afaict. So a misconfigured guest
> could trigger this error perhaps.

I'm more concerned about malicious guests than misconfigured ones.

Christophe