Re: Two small patches related to xenfb

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gerd Hoffmann <kraxel@redhat.com>
To: Rafal Wojtczuk <rafal@invisiblethingslab.com>
Cc: xen-devel@lists.xensource.com
Subject: Re: Two small patches related to xenfb
Date: Mon, 29 Sep 2008 11:13:14 +0200	[thread overview]
Message-ID: <48E09C2A.6000203@redhat.com> (raw)
In-Reply-To: <20080926140548.GC31985@emperor2.home.aster.pl>

Rafal Wojtczuk wrote:
> Hello,
> Two minor issues:
> row_stride_div0.patch: a malicious frontend can send row_stride==0 and force
> qemu-dm to perform division by 0

Ok.

> vnc_resize_doublecheck.patch: there is an unchecked multiplication when
> calculating framebuffer size. Cs 17630 sanitizes framebuffer dimensions
> passed by the frontend, so most probably no integer overflow can happen, but
> there should be a check for overflow close to the actual computation (to
> make code review easier and to cope with other codepaths in the future). 

If bogous values can make it through the sanity checks in
xenfb_configure_fb() then those sanity checks must be fixed.

Adding another check somewhere else certainly doesn't make review
easier.  In contrast it makes error handling more complicated because
there are multiple places where you have to deal with errors instead of
just one functions which does all sanity checks.

cheers,
  Gerd

     prev parent reply	other threads:[~2008-09-29  9:13 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-09-26 14:05 Two small patches related to xenfb Rafal Wojtczuk
2008-09-26 14:45 ` Ian Jackson
2008-09-29  9:13 ` Gerd Hoffmann [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48E09C2A.6000203@redhat.com \
    --to=kraxel@redhat.com \
    --cc=rafal@invisiblethingslab.com \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.