subject:"\[PATCH v3 1\/2\] hw\/i386\: Improve bounds checking in OVMF table parsing"

Re: [PATCH v3 1/2] hw/i386: Improve bounds checking in OVMF table parsing

2022-02-22 Thread Dr. David Alan Gilbert

* Dov Murik (dovmu...@linux.ibm.com) wrote: > When pc_system_parse_ovmf_flash() parses the optional GUIDed table in > the end of the OVMF flash memory area, the table length field is checked > for sizes that are too small, but doesn't error on sizes that are too > big (bigger than the flash

Re: [PATCH v3 1/2] hw/i386: Improve bounds checking in OVMF table parsing

2022-02-22 Thread Daniel P . Berrangé

On Tue, Feb 22, 2022 at 07:19:05AM +, Dov Murik wrote: > When pc_system_parse_ovmf_flash() parses the optional GUIDed table in > the end of the OVMF flash memory area, the table length field is checked > for sizes that are too small, but doesn't error on sizes that are too > big (bigger than

[PATCH v3 1/2] hw/i386: Improve bounds checking in OVMF table parsing

2022-02-21 Thread Dov Murik

When pc_system_parse_ovmf_flash() parses the optional GUIDed table in the end of the OVMF flash memory area, the table length field is checked for sizes that are too small, but doesn't error on sizes that are too big (bigger than the flash content itself). Add a check for maximal size of the OVMF