Re: [PATCH] KVM: Enhance the coalesced_mmio_write() parameter to avoid stack buffer overflow

From: Avi Kivity
Date: Mon Apr 12 2010 - 06:28:41 EST


On 04/12/2010 04:57 AM, wzt.wzt@xxxxxxxxx wrote:
> coalesced_mmio_write() does not check the len value; if len is negative,
> memcpy(ring->coalesced_mmio[ring->last].data, val, len); will cause
> a stack buffer overflow.


How can len be negative? It can only be between 1 and 8.

--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
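
The copy discussed in this message, as an added user-space illustration (not part of the original email and not KVM source): it shows what size memcpy() would receive for a negative int length, and a store helper that enforces the 1 to 8 range stated in the reply. The names `mmio_entry`, `memcpy_size_for` and `mmio_entry_store` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest access size, per the reply ("between 1 and 8"). */
#define MMIO_DATA_MAX 8

/* Hypothetical model of one ring entry; not the kernel's definition. */
struct mmio_entry {
    uint64_t phys_addr;
    uint32_t len;
    uint8_t  data[MMIO_DATA_MAX];
};

/* memcpy() takes a size_t, so an int length is converted on the call.
 * A negative int becomes a very large unsigned value. */
size_t memcpy_size_for(int len)
{
    return (size_t)len;
}

/* Checked store: refuse any length outside 1..MMIO_DATA_MAX before the
 * destination is touched. Returns 0 on success, -1 on rejection. */
int mmio_entry_store(struct mmio_entry *e, uint64_t addr,
                     const void *val, int len)
{
    if (len < 1 || len > MMIO_DATA_MAX)
        return -1;
    e->phys_addr = addr;
    e->len = (uint32_t)len;
    memcpy(e->data, val, (size_t)len);
    return 0;
}

int main(void)
{
    struct mmio_entry e = {0};
    /* Constructed sample value, not taken from any real guest access. */
    const uint8_t val[MMIO_DATA_MAX] = {0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4};
    const int lens[] = {4, 8, 0, 9, -1};

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%d size_t=%zu store=%d\n", lens[i],
               memcpy_size_for(lens[i]),
               mmio_entry_store(&e, 0x1000, val, lens[i]));
    return 0;
}
```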
