Re: [PATCH-for-6.2] hw/nvme/ctrl: Fix buffer overrun (CVE-2021-3947)

2021-11-11 Thread Klaus Jensen
On Nov 11 19:46, Philippe Mathieu-Daudé wrote: > On 11/11/21 19:08, Klaus Jensen wrote: > > On Nov 11 16:31, Philippe Mathieu-Daudé wrote: > >> Both 'buf_len' and 'off' arguments are under guest control. > >> Since nvme_c2h() doesn't check out of boundary access, the > >> caller must check for even

Re: [PATCH-for-6.2] hw/nvme/ctrl: Fix buffer overrun (CVE-2021-3947)

2021-11-11 Thread Philippe Mathieu-Daudé
On 11/11/21 19:08, Klaus Jensen wrote: > On Nov 11 16:31, Philippe Mathieu-Daudé wrote: >> Both 'buf_len' and 'off' arguments are under guest control. >> Since nvme_c2h() doesn't check out of boundary access, the >> caller must check for eventual buffer overrun on 'trans_len'. >> >> Cc: qemu-sta...

Re: [PATCH-for-6.2] hw/nvme/ctrl: Fix buffer overrun (CVE-2021-3947)

2021-11-11 Thread Klaus Jensen
On Nov 11 16:31, Philippe Mathieu-Daudé wrote: > Both 'buf_len' and 'off' arguments are under guest control. > Since nvme_c2h() doesn't check out of boundary access, the > caller must check for eventual buffer overrun on 'trans_len'. > > Cc: qemu-sta...@nongnu.org > Reported-by: Qiuhao Li > Fixes

[PATCH-for-6.2] hw/nvme/ctrl: Fix buffer overrun (CVE-2021-3947)

2021-11-11 Thread Philippe Mathieu-Daudé
Both 'buf_len' and 'off' arguments are under guest control. Since nvme_c2h() doesn't check out of boundary access, the caller must check for eventual buffer overrun on 'trans_len'. Cc: qemu-sta...@nongnu.org Reported-by: Qiuhao Li Fixes: f432fdfa121 ("support changed namespace asynchronous event"
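The commit message above says that 'off' and 'buf_len' are guest-controlled and that nvme_c2h() copies without checking bounds, so the caller must bound 'trans_len' itself. The C model below is an added example, not code from QEMU or from this patch. It assumes a 1024-byte device-side buffer named log_page and assumes that trans_len is derived with a clamp of the form MIN(sizeof(buf) - off, buf_len); both are illustrative assumptions, not quotations of the patch. The point it shows is that such a clamp alone is not a bounds check: once off exceeds the buffer size, the unsigned subtraction wraps, MIN() selects the guest's buf_len, and the copy starts past the end of the buffer. The hardened caller rejects the offset before subtracting.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Constructed device-side buffer standing in for a log page the guest
 * reads. The 1024-byte size is an assumption for this example. */
#define LOG_PAGE_SIZE 1024u
static uint8_t log_page[LOG_PAGE_SIZE];

/* Vulnerable derivation of trans_len: off and buf_len come straight from
 * the guest. When off > sizeof(log_page), the unsigned subtraction wraps
 * to a huge value, MIN() returns buf_len, and a copy from
 * log_page + off for trans_len bytes reads outside the array.
 * Returns 0 ("accepted") unconditionally; that is the bug. */
static int vulnerable_trans_len(uint64_t off, uint32_t buf_len, uint64_t *trans_len)
{
    *trans_len = MIN((uint64_t)sizeof(log_page) - off, (uint64_t)buf_len);
    return 0;
}

/* Hardened derivation: reject the offset before it enters the subtraction.
 * Using >= also rejects off == size, where nothing is left to copy.
 * Returns -1 to model rejecting the command with an invalid-field status. */
static int fixed_trans_len(uint64_t off, uint32_t buf_len, uint64_t *trans_len)
{
    if (off >= sizeof(log_page)) {
        return -1;
    }
    *trans_len = MIN((uint64_t)sizeof(log_page) - off, (uint64_t)buf_len);
    return 0;
}

/* Independent predicate: does [off, off + trans_len) lie inside log_page?
 * Written as a subtraction after an ordering check so it cannot overflow. */
static int within_page(uint64_t off, uint64_t trans_len)
{
    return off <= sizeof(log_page) && trans_len <= sizeof(log_page) - off;
}

/* Copy helper that trusts its arguments, playing the role the commit
 * message assigns to nvme_c2h(): no bounds check of its own. It is only
 * called here after within_page() has been verified. */
static uint64_t c2h_copy(uint8_t *dst, uint64_t off, uint64_t trans_len)
{
    memcpy(dst, log_page + off, (size_t)trans_len);
    return trans_len;
}

/* Caller using the hardened path. Returns the number of bytes copied, or 0
 * (with no copy performed) when the guest's request is rejected. */
static uint64_t read_page_fixed(uint8_t *dst, uint64_t off, uint32_t buf_len)
{
    uint64_t n = 0;
    if (fixed_trans_len(off, buf_len, &n) < 0 || !within_page(off, n)) {
        return 0;
    }
    return c2h_copy(dst, off, n);
}

int main(void)
{
    uint64_t n = 0;
    uint8_t dst[64];

    /* Hostile request: offset one past the buffer, large length. */
    vulnerable_trans_len(LOG_PAGE_SIZE + 1, 4096, &n);
    printf("vulnerable trans_len=%llu in_bounds=%d\n",
           (unsigned long long)n, within_page(LOG_PAGE_SIZE + 1, n));
    printf("fixed rejects: %d\n", fixed_trans_len(LOG_PAGE_SIZE + 1, 4096, &n) == -1);

    /* Benign request near the end of the buffer is clamped, not rejected. */
    printf("fixed copies %llu bytes for off=1000 buf_len=100\n",
           (unsigned long long)read_page_fixed(dst, 1000, 100));
    return 0;
}
```

The subtraction-then-MIN form looks like a clamp, which is why it is easy to miss in review; the check that matters is the comparison of off against the buffer size, and it has to come before the subtraction that feeds trans_len.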