19 Aug
2010
19 Aug
'10
10:52 p.m.
On 08/19/2010 02:47 PM, Matthias Bolte wrote:
2010/8/19 Eric Blake <eblake@redhat.com>:
* src/uml/uml_driver.c (umlMonitorCommand): Validate that enough bytes were read to dereference both res.length, and that many bytes from res.data. Reported by Soren Hansen. --- - if (nbytes < sizeof res) { + if (nbytes < offsetof(struct monitor_request, data) || + nbytes < res.length + offsetof(struct monitor_request, data)) {
You could reverse the order to
nbytes < offsetof(struct monitor_request, data) + res.length
to be in line with the layout of the data, but that's just me nit-picking here.
Sure, why not.
ACK.
Done, and pushed. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org