[Libguestfs] [PATCH v2 1/2] lib: change how hbin sections are read.

Richard W.M. Jones rjones at redhat.com
Wed Feb 15 22:59:33 UTC 2017


OK, I ended up turning the warning off.  It appears from the
info file that the warning is about GCC not being able to make
an optimization, not a bug in the code.

However I do have a more substantial problem with the patch.
By checking the offset against h->endpages, we're using an untrusted
field supplied to us by the hive, which means that a crafted hive
could cause us to walk through memory past the end of the file --
a security issue.

So I think the test should be using h->size with the additional
check for off >= h->endpages, as in the existing outer loop.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
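
The bounds check suggested in the message above, as an added example (not hivex's code and not part of the original post). The names `count_pages`, `rd_le32` and `make_sample` are hypothetical, and the simplified page layout ("hbin" magic at offset 0, 32-bit little-endian page size at offset 8, pages starting at 0x1000) is an assumption for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIRST_PAGE 0x1000u  /* assumed: pages start after a 4 KiB header */
#define PAGE_HDR   32u      /* assumed: size of the per-page header */

/* Read a 32-bit little-endian value without alignment assumptions. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk pages in buf[0..size). `size` is the real length of the data we
 * hold (trusted); `endpages` is read from the file header (untrusted).
 * Returns the number of pages walked, or -1 on a malformed page. */
int count_pages(const uint8_t *buf, size_t size, size_t endpages)
{
    int n = 0;
    size_t off = FIRST_PAGE;

    while (off < size) {                       /* hard bound: real size */
        if (off >= endpages) break;            /* soft bound: header's claim */
        if (size - off < PAGE_HDR) return -1;  /* page header is cut off */
        if (memcmp(buf + off, "hbin", 4) != 0) return -1;
        uint32_t page_size = rd_le32(buf + off + 8);
        /* Reject sizes that stall the loop or run past the data. */
        if (page_size < PAGE_HDR || page_size > size - off) return -1;
        off += page_size;
        n++;
    }
    return n;
}

/* Constructed sample: 4 KiB header plus two 4 KiB pages (12 KiB total). */
static uint8_t sample[0x3000];
const uint8_t *make_sample(void)
{
    memset(sample, 0, sizeof sample);
    for (size_t off = FIRST_PAGE; off < sizeof sample; off += 0x1000) {
        memcpy(sample + off, "hbin", 4);
        sample[off + 9] = 0x10;                /* page_size = 0x1000 (LE) */
    }
    return sample;
}

int main(void)
{   /* header claims 1 MiB of pages, but only 12 KiB is present */
    return count_pages(make_sample(), sizeof sample, 0x100000) == 2 ? 0 : 1;
}
```

Bounding the loop by `endpages` alone would let the oversized header value in `main` drive reads past the 12 KiB buffer; bounding by `size` first stops the walk at the data actually present.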



