Am 07.08.2014 um 20:34 hat Max Reitz geschrieben: > On 24.06.2014 17:36, Kevin Wolf wrote: > >A not too small part of the recent CVEs were DoS scenarios by letting > >qemu abort with too large memory allocations. We generally "fixed" these > >cases by setting some limits on values read from image files that > >influence the size of allocations. > > > >Because we still need to allow reading large images, this works only to > >a certain degree and we still can get fairly large allocations, which > >are not unthinkable to fail on some machines. > > > >This series converts potentially large allocations to g_try_malloc() and > >friends and handles failure gracefully e.g. by returning -ENOMEM. This > >may cause hot-plug of a new disk or individual requests to fail, but the > >VM as a whole can keep running. > > Ping – is there anything missing here? This series does contain one > patch from me, so I'm naturally interested in seeing this series > getting merged. ;-)
Whoops, thanks for the reminder. I completely forgot about this series. Applied it to the block branch now. Kevin
