On 06/11/2018 15:52, Thomas Huth wrote:
> On 2018-11-02 10:05, P J P wrote:
>> +-- On Sat, 27 Oct 2018, P J P wrote --+
>> |+-- On Sun, 21 Oct 2018, P J P wrote --+
>> || The length parameter values are not negative, thus use an unsigned
>> || type 'size_t' for them. Many routines pass 'len' values to memcpy(3)
>> || calls. If it was negative, it could lead to memory corruption issues.
>> || Add check to avoid it.
>> ||
>> || Reported-by: Arash TC <tohidi.ar...@gmail.com>
>> || Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
>> || ---
>> || bt-host.c | 8 +++---
>> || bt-vhci.c | 7 +++---
>> || hw/bt/core.c | 2 +-
>> || hw/bt/hci-csr.c | 20 +++++++--------
>> || hw/bt/hci.c | 38 ++++++++++++++--------------
>> || hw/bt/hid.c | 10 ++++----
>> || hw/bt/l2cap.c | 56 ++++++++++++++++++++++--------------------
>> || hw/bt/sdp.c | 6 ++---
>> || hw/usb/dev-bluetooth.c | 12 ++++-----
>> || include/hw/bt.h | 8 +++---
>> || include/sysemu/bt.h | 10 ++++----
>> || 11 files changed, 90 insertions(+), 87 deletions(-)
>> ||
>> || Update v1: add assert check in vhci_host_send. Also check other places wherein
>> || length is used with fixed size buffers.
>> || -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03831.html
>> |
>> | Ping...!
>>
>> Ping...!
>
> The bluetooth subsystem is completely unmaintained, so if Paolo does not
> want to pick it up through his "misc" tree, maybe Peter could apply this
> patch directly? Or maybe it could go through the trivial tree since it
> does not look very complicated?
>
> FWIW, the patch looks OK to me at a first glance, so:
>
> Acked-by: Thomas Huth <th...@redhat.com>
>
> PS: I still think we should deprecate the bt subsystem, since nobody
> really touched it within years...
>
I can add it to the trivial-patches branch, but I don't plan any pull
request before the 3.1 release in December.

Thanks,
Laurent
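
The signed-length problem described in the quoted commit message, as an added example that is not part of this thread or of QEMU's code. `PKT_MAX`, `struct pkt_buf` and the three functions are hypothetical names, and the hardened function returns an error where the patch notes mention an assert.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_MAX 64  /* constructed buffer size, not a QEMU constant */

/* Hypothetical fixed-size packet buffer used only for this example. */
struct pkt_buf {
    uint8_t data[PKT_MAX];
    size_t used;
};

/* Signed-length bounds check: returns 1 when the check lets the copy
 * proceed. A negative len is "not greater than PKT_MAX", so it passes. */
static int signed_check_allows(int len)
{
    return !(len > PKT_MAX);
}

/* The byte count memcpy(3) would receive for that int: its third parameter
 * is size_t, so a negative value converts to a very large count. */
static size_t memcpy_count_for(int len)
{
    return (size_t)len;
}

/* size_t length plus an explicit check against the destination size.
 * Returns 0 on success, -1 if the request does not fit. */
static int pkt_store(struct pkt_buf *b, const uint8_t *src, size_t len)
{
    if (b == NULL || src == NULL || len > sizeof(b->data)) {
        return -1;
    }
    memcpy(b->data, src, len);
    b->used = len;
    return 0;
}

int main(void)
{
    struct pkt_buf b = { .used = 0 };
    const uint8_t sample[4] = { 0x01, 0x02, 0x03, 0x04 };  /* constructed */
    printf("signed check passes -1: %d\n", signed_check_allows(-1));
    printf("memcpy count for -1:    %zu\n", memcpy_count_for(-1));
    printf("store 4 bytes:          %d\n", pkt_store(&b, sample, sizeof(sample)));
    printf("store (size_t)-1 bytes: %d\n", pkt_store(&b, sample, (size_t)-1));
    return 0;
}
```

With a `size_t` parameter, a caller that still computes a negative length ends up passing a huge value, which the single upper-bound check rejects.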