Hello Stefan,
On 06/18/2014 12:48 PM, Stefan Hajnoczi wrote:
One more thing to add to the list:
static void ivshmem_read(void *opaque, const uint8_t * buf, int flags)
The "flags" argument should be "size". Size should be checked before
accessing buf.
You are welcome to send a fix and I will review it.
Please also see the bug fixes in the following unapplied patch:
"[PATCH] ivshmem: fix potential OOB r/w access (#2)" by Sebastian Krahmer
https://lists.gnu.org/archive/html/qemu-devel/2014-04/msg03538.html
Thanks for the pointer. I'll check it.
--
David Marchand
