[Libguestfs] [PATCH] lib: update inspect_list_applications to return all installed RPMs (RHBZ#859885)
John Eckersberg
jeckersb at redhat.com
Mon Oct 29 19:56:35 UTC 2012
"Richard W.M. Jones" <rjones at redhat.com> writes:
> On Mon, Oct 29, 2012 at 03:12:36PM -0400, John Eckersberg wrote:
>> >> + offset = be32toh(*(uint32_t *) (cursor + 8));
>> >> + return safe_strdup(g, store + offset);
>
> .. and also isn't this calculation suspect? 'offset' is entirely
> calculated from user data, potentially causing 'store + offset' to
> point to more or less arbitrary memory in the process.
Yeah I just realized that. I will send a revised patch to the list
shortly that addresses these.
More information about the Libguestfs
mailing list