On Tue, 16 Apr 2019 at 18:27, Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> On Tue, 16 Apr 2019 at 14:35, Peter Maydell <peter.mayd...@linaro.org> wrote:
> >
> > On Mon, 15 Apr 2019 at 16:45, Daniel P. Berrangé <berra...@redhat.com>
> > wrote:
> > >
> > > Two previous attempts to fix this due to GCC 9 highlighting
> > > unaligned data access. My attempt:
> > >
> > >   https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg07763.html
> > >
> > > And a previous one:
> > >
> > >   https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg07923.html
> > >   https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00162.html
> > >
> > > There are a number of bugs in the USB MTP usb_mtp_write_metadata
> > > method handling the filename character set conversion.
> > >
> > > The 2nd patch in this series is a security flaw fix since the
> > > code was not correctly validating guest provided data length.
> >
> > Given that we don't seem to be confident in this fix just now,
> > and this is a read-only buffer overrun in a not-commonly-used
> > feature that only happens if you explicitly enable write support,
> > my current thought is that we should not try to put this into 4.0
> > (but instead treat it as we would a security issue that had
> > occurred after we released 4.0).
> >
> > Opinions? Maybe we should just apply patch 2/3 for 4.0 ?
>
> Having thought a bit more I think I'd definitely like to apply
> just patch 2 for 4.0. Could people try to test that and confirm
> that it at least does not make the feature behave any worse?

I've done a tentative merge test of patch 2, which is OK.
I'd like to push that either today or tomorrow (UK time):
objections?

thanks
-- PMM