From: Jason Wang
Date: Fri, 26 Apr 2013 18:33:33 +0800
Subject: Re: [Qemu-devel] [PATCH] virtio: abort on zero config length
To: Eric Blake
Cc: Anthony Liguori, qemu-devel@nongnu.org, "Michael S. Tsirkin"
Message-ID: <517A57FD.3090700@redhat.com>
In-Reply-To: <517A57AB.60804@redhat.com>

On 04/26/2013 06:32 PM, Eric Blake wrote:
> On 04/25/2013 11:06 PM, Jason Wang wrote:
>>>> if (addr > (vdev->config_len - sizeof(val)))
>>>>
>>>> ^^^^^^^^^ quiz: spot a bug above if config_len is 0 :)
>>> Then we need to fix these bugs and allocate a CVE. virtio-rng has
>>> shipped. This code is also dumb.
>> Ok, but since the discussion is in public list, no need for CVE then.
> Wrong. CVEs are useful even for publicly disclosed bugs. It tells
> people whether they need to upgrade in order to avoid a vulnerability.
>
> What we don't need is embargo. But we do need a CVE.
>
True, thanks for the correction.
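
The bounds check quoted in the thread, next to a form that cannot wrap, as an added example that is not part of the original message and is not QEMU's code. The struct, function names and sample bytes are hypothetical and constructed for illustration; only the shape of the comparison comes from the quoted line.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a device's config space (not QEMU's struct). */
struct dev {
    size_t config_len;
    const uint8_t *config;
};

/* Constructed sample data: an 8-byte config space and an empty one. */
static const uint8_t sample_cfg[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
static const struct dev small_dev = {sizeof(sample_cfg), sample_cfg};
static const struct dev empty_dev = {0, NULL};

/* Check in the shape quoted in the thread. The subtraction is unsigned, so
 * config_len < size wraps to a huge bound and the check stops rejecting. */
static int quoted_check_rejects(const struct dev *d, uint32_t addr, size_t size)
{
    return addr > (d->config_len - size);
}

/* Same intent, but size is compared first so the subtraction cannot wrap. */
static int safe_check_rejects(const struct dev *d, uint32_t addr, size_t size)
{
    return size > d->config_len || addr > d->config_len - size;
}

/* Bounds-checked little-endian 16-bit read: value on success, -1 if rejected. */
static int32_t config_read16(const struct dev *d, uint32_t addr)
{
    if (safe_check_rejects(d, addr, sizeof(uint16_t)))
        return -1;
    return (int32_t)(d->config[addr] | (d->config[addr + 1] << 8));
}

int main(void)
{
    printf("empty device, addr 1000: quoted rejects=%d, safe rejects=%d\n",
           quoted_check_rejects(&empty_dev, 1000, 2),
           safe_check_rejects(&empty_dev, 1000, 2));
    printf("8-byte device: read16(6)=0x%x, read16(7)=%d\n",
           (unsigned)config_read16(&small_dev, 6), (int)config_read16(&small_dev, 7));
    return 0;
}
```

For a non-empty config space the two checks agree; they differ only when `config_len` is smaller than the access size, which is the zero-length case the thread is about.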