On Tue, 16 Apr 2019 at 14:35, Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> On Mon, 15 Apr 2019 at 16:45, Daniel P. Berrangé <berra...@redhat.com> wrote:
> >
> > Two previous attempts to fix this due to GCC 9 highlighting
> > unaligned data access. My attempt:
> >
> > https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg07763.html
> >
> > And a previous one:
> >
> > https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg07923.html
> > https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00162.html
> >
> > There are a number of bugs in the USB MTP usb_mtp_write_metadata
> > method handling the filename character set conversion.
> >
> > The 2nd patch in this series is a security flaw fix since the
> > code was not correctly validating guest provided data length.
>
> Given that we don't seem to be confident in this fix just now,
> and this is a read-only buffer overrun in a not-commonly-used
> feature that only happens if you explicitly enable write support,
> my current thought is that we should not try to put this into 4.0
> (but instead treat it as we would a security issue that had
> occurred after we released 4.0).
>
> Opinions? Maybe we should just apply patch 2/3 for 4.0 ?

Having thought a bit more I think I'd definitely like to apply
just patch 2 for 4.0. Could people try to test that and confirm
that it at least does not make the feature behave any worse?

thanks
-- PMM