Kevin Wolf <kw...@redhat.com> writes:

> A not too small part of the recent CVEs were DoS scenarios by letting
> qemu abort with too large memory allocations. We generally "fixed" these
> cases by setting some limits on values read from image files that
> influence the size of allocations.

Just double-checking: do these limits ensure the size calculations in
arguments of g_malloc() etc. can't overflow?

> Because we still need to allow reading large images, this works only to
> a certain degree and we still can get fairly large allocations, which
> are not unthinkable to fail on some machines.
>
> This series converts potentially large allocations to g_try_malloc() and
> friends and handles failure gracefully e.g. by returning -ENOMEM. This
> may cause hot-plug of a new disk or individual requests to fail, but the
> VM as a whole can keep running.

I guess the resulting error paths are untested. Just sayin', I'm not
asking you to test them.

[...]
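The pattern the thread is discussing, written out as an added example that is not code from the series or from QEMU: a size derived from two untrusted header fields is capped, the multiplication is checked for overflow before it happens, and allocation failure comes back as -ENOMEM instead of an abort. The `table_hdr` layout, the `MAX_TABLE_ENTRIES` cap and the injectable allocator are assumptions made for the example; plain `malloc()` stands in for `g_try_malloc()`, which likewise returns NULL on failure.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on a table read from an image header (example value, not QEMU's). */
#define MAX_TABLE_ENTRIES (1u << 20)

/* Constructed stand-in for two header fields as read from an image file. */
struct table_hdr {
    uint64_t nb_entries;
    uint64_t entry_size;
};

/* Allocator hook: g_try_malloc()-style, returns NULL instead of aborting. */
typedef void *(*try_alloc_fn)(size_t);

/* Allocator that always fails; lets the -ENOMEM path be exercised on demand. */
static void *always_fail_alloc(size_t n)
{
    (void)n;
    return NULL;
}

/*
 * Validate the header, compute nb_entries * entry_size without overflow,
 * and try-allocate. Returns 0 and hands back the buffer, or a negative errno:
 *   -EINVAL  zero-sized table
 *   -EFBIG   over the cap, or the product would not fit in size_t
 *   -ENOMEM  the allocator refused (instead of aborting the whole process)
 */
int alloc_table_with(const struct table_hdr *hdr, try_alloc_fn alloc,
                     void **buf, size_t *out_len)
{
    *buf = NULL;
    *out_len = 0;

    if (hdr->nb_entries == 0 || hdr->entry_size == 0)
        return -EINVAL;
    if (hdr->nb_entries > MAX_TABLE_ENTRIES)
        return -EFBIG;

    /* Overflow check done by division, before the multiplication. An
     * unchecked product that wraps would yield an undersized buffer. */
    if (hdr->entry_size > SIZE_MAX / hdr->nb_entries)
        return -EFBIG;

    size_t len = (size_t)(hdr->nb_entries * hdr->entry_size);

    void *p = alloc(len);
    if (p == NULL)
        return -ENOMEM;   /* caller fails this request; the process lives on */

    memset(p, 0, len);
    *buf = p;
    *out_len = len;
    return 0;
}

/* Default entry point using the real allocator (malloc stands in for g_try_malloc). */
int alloc_table(const struct table_hdr *hdr, void **buf, size_t *out_len)
{
    return alloc_table_with(hdr, malloc, buf, out_len);
}

/* Helper that only reports the result code, so each path is easy to check. */
int alloc_table_rc(uint64_t nb_entries, uint64_t entry_size, int simulate_oom)
{
    struct table_hdr hdr = { nb_entries, entry_size };
    void *buf = NULL;
    size_t len = 0;
    int rc = alloc_table_with(&hdr, simulate_oom ? always_fail_alloc : malloc,
                              &buf, &len);
    free(buf);
    return rc;
}
```

GLib also offers `g_try_malloc_n(n_blocks, n_block_bytes)`, which performs this overflow check itself and returns NULL if the product does not fit; the explicit division above shows what that check has to do when the size is computed by hand.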