On Fri, 17 Oct 2003, Simon Glover wrote:
>
> On Fri, 17 Oct 2003, Dan Sugalski wrote:
>
> > On Fri, 17 Oct 2003, Simon Glover wrote:
> >
> > >
> > > What, if any, validation of their input should the register access
> > > functions in the extension API do? Currently, they don't do any,
> > > wh
On Fri, 17 Oct 2003, Dan Sugalski wrote:
> On Fri, 17 Oct 2003, Simon Glover wrote:
>
> >
> > What, if any, validation of their input should the register access
> > functions in the extension API do? Currently, they don't do any,
> > which means that you can create a buffer overflow simply by
On Fri, 17 Oct 2003, Simon Glover wrote:
>
> What, if any, validation of their input should the register access
> functions in the extension API do? Currently, they don't do any,
> which means that you can create a buffer overflow simply by using
> a register number >31 or <0; eg,
>
>Parro