[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [virt-tools-list] [PATCH virt-viewer 15/19] Hook up handling of Monitors



On Tue, Jul 17, 2012 at 05:56:46PM +0200, Marc-André Lureau wrote:
> this is not yet a buffer overflow proof, but you are getting closer perhaps.

For this kind of stuff, I prefer to err on the "there's a buffer overflow
unless proven otherwise", it's too dangerous to make the opposite
assumption.

> > So what we are trusting here is an arbitrary value provided by the guest
> > system?
> 
> Yes, no further checks after that afaict. So a misconfigured guest
> could trigger this error perhaps.

I'm more concerned about malicious guests than misconfigured ones.

Christophe

Attachment: pgpBTUoq28SnE.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]