On Sat, Apr 14, 2018 at 11:44 PM, Su Hang <suhan...@mails.ucas.ac.cn> wrote: > Thanks for your detailed reply! I will carefully treat > all the content that you mentioned, and apply them in v5.
By the way, if you are wondering why the parser needs to validate everything, here is an example scenario: QEMU may be used to host an online micro:bit simulator where the user can provide a .hex file. In that case QEMU is running on a server and the .hex file is provided by an untrusted user. That user must not be able to crash QEMU (and exploit security holes). Stefan
