On 04/12/2010 04:57 AM, wzt@gmail.com wrote:
coalesced_mmio_write() is not check the len value, if len is negative,
memcpy(ring->coalesced_mmio[ring->last].data, val, len); will cause
stack buffer overflow.
How can len be negative? It can only be between 1 and 8.
--
I have a truly ma
Does len need to be int? Perhaps it should be unsigned int?
Stefan
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
coalesced_mmio_write() is not check the len value, if len is negative,
memcpy(ring->coalesced_mmio[ring->last].data, val, len); will cause
stack buffer overflow.
Signed-off-by: Zhitong Wang
---
virt/kvm/coalesced_mmio.c |4
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a