Re: [libvirt] [PATCH 01/10] uml: fix logic bug in checking reply length
On 08/19/2010 02:47 PM, Matthias Bolte wrote:
2010/8/19 Eric Blake <eblake(a)redhat.com>:
> * src/uml/uml_driver.c (umlMonitorCommand): Validate that enough
> bytes were read to dereference both res.length, and that many
> bytes from res.data.
> Reported by Soren Hansen.
> ---
> - if (nbytes < sizeof res) {
> + if (nbytes < offsetof(struct monitor_request, data) ||
> + nbytes < res.length + offsetof(struct monitor_request, data)) {
You could reverse the order to
nbytes < offsetof(struct monitor_request, data) + res.length
to be in line with the layout of the data, but that's just me nit-picking here.
Sure, why not.
ACK.
Done, and pushed.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)