On Wed, Nov 21, 2018 at 04:19:11PM +0530, P J P wrote: > Hello Gerd, > > +-- On Mon, 12 Nov 2018, Gerd Hoffmann wrote --+ > | On Tue, Oct 30, 2018 at 09:23:40AM +0100, Gerd Hoffmann wrote: > | > Fixes: CVE-2018-??? > | > Cc: P J P <ppan...@redhat.com> > | > | ping, do we have a cve number meanwhile? > > No, the off-by-one does not seem to have an adverse effect. One byte past > AR_TABLE[75] array would likely read into DR_TABLE[75] array, which would > anyway be accessible to a driver. It does not seem to crash Qemu either. I > think it's more of a bug fix, than security fix. Hope that's okay.
Ok, makes sense, I'll drop the cve line then and queue the patch. cheers, Gerd
