[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Two small patches related to xenfb
Rafal Wojtczuk wrote: > Hello, > Two minor issues: > row_stride_div0.patch: a malicious frontend can send row_stride==0 and force > qemu-dm to perform division by 0 Ok. > vnc_resize_doublecheck.patch: there is an unchecked multiplication when > calculating framebuffer size. Cs 17630 sanitizes framebuffer dimensions > passed by the frontend, so most probably no integer overflow can happen, but > there should be a check for overflow close to the actual computation (to > make code review easier and to cope with other codepaths in the future). If bogous values can make it through the sanity checks in xenfb_configure_fb() then those sanity checks must be fixed. Adding another check somewhere else certainly doesn't make review easier. In contrast it makes error handling more complicated because there are multiple places where you have to deal with errors instead of just one functions which does all sanity checks. cheers, Gerd _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |