On 28.02.2012 11:00, Stefan Hajnoczi wrote:
> On Tue, Feb 28, 2012 at 9:47 AM, Kevin Wolf <kw...@redhat.com> wrote:
>> On 28.02.2012 10:33, Stefan Hajnoczi wrote:
>>> On Mon, Feb 27, 2012 at 4:27 PM, Kevin Wolf <kw...@redhat.com> wrote:
>>>> + if (ext.len > 65536) {
>>>> + error_report("Header extension larger than 64k - this looks
>>>> wrong");
>>>> + return -ENOTSUP;
>>>> + }
>>>
>>> This is an implementation limit and not in the spec, but I think it's
>>> reasonable.
>>>
>>> Reviewed-by: Stefan Hajnoczi <stefa...@linux.vnet.ibm.com>
>>
>> Hm, actually, now that I look at this patch again, I think there's a
>> much better error condition that even matches the spec:
>>
>> if (offset + ext.len > end_offset)
>
> Careful, integer overflow.

offset/end_offset are uint64_t offsets into the first cluster, ext.len
is uint32_t. Looks safe.

Kevin
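
Review bot: the `65536` in `if (ext.len > 65536)` is a bare literal for a limit that, per the review above, is not in the spec; give it a named constant or a comment stating that it is an implementation limit, or bound `ext.len` against the space left before `end_offset` as proposed later in the thread. The message says the length "looks wrong", which reads as a malformed image, while the code returns `-ENOTSUP`; `-EINVAL` may describe that case better.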
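
The overflow question raised in this thread, as an added example (not QEMU's code and not code posted by anyone in the thread): the sum-form check wraps when both operands are 32-bit, holds with the `uint64_t`/`uint32_t` types Kevin describes, and the subtraction form sidesteps the question. The extension layout (big-endian magic and length, data padded to 8 bytes, magic 0 as terminator) and all function names are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>

/* Sum form with 32-bit operands: offset + len can wrap and slip past. */
int exceeds_u32(uint32_t offset, uint32_t len, uint32_t end)
{
    return offset + len > end;
}

/* Sum form with the thread's types: uint64_t offset, uint32_t len. */
int exceeds_u64(uint64_t offset, uint32_t len, uint64_t end)
{
    return offset + len > end;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Count extensions in buf[offset..end_offset), or -EINVAL if one overruns.
 * Assumed layout: be32 magic, be32 length, data padded to 8 bytes; magic 0
 * ends the list. */
int walk_extensions(const uint8_t *buf, uint64_t offset, uint64_t end_offset)
{
    int count = 0;

    while (offset < end_offset) {
        if (end_offset - offset < 8) {
            return -EINVAL;             /* no room for magic + length */
        }
        uint32_t magic = be32(buf + offset);
        uint32_t len = be32(buf + offset + 4);
        offset += 8;
        if (magic == 0) {
            break;                      /* end-of-extensions marker */
        }
        /* Subtraction form: offset <= end_offset here, so nothing can wrap. */
        if (len > end_offset - offset) {
            return -EINVAL;
        }
        offset += ((uint64_t)len + 7) & ~(uint64_t)7;   /* data + padding */
        count++;
    }
    return count;
}
```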