[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/2] lzo: check for length overrun in variable length encoding

Jan Beulich writes ("[PATCH 2/2] lzo: check for length overrun in variable 
length encoding"):
> This fix ensures that we never meet an integer overflow while adding
> 255 while parsing a variable length encoding. It works differently from
> commit 504f70b6 ("lzo: properly check for overruns") because instead of
> ensuring that we don't overrun the input, which is tricky to guarantee
> due to many assumptions in the code, it simply checks that the cumulated
> number of 255 read cannot overflow by bounding this number.

AFAICT this decompressor is exposed to untrusted guest kernel images.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.