Re: [Libguestfs] [PATCH v2 1/2] lib: change how hbin sections are read.

OK, I ended up turning the warning off.  It appears from the
info file that the warning is about GCC not being able to make
an optimization, not a bug in the code.

However I do have a more substantial problem with the patch.
By checking the offset against h->endpages, we're using an untrusted
field supplied to us by the hive, which means that a crafted hive
could cause us to walk through memory past the end of the file --
a security issue.

So I think the test should be using h->size with the additional
check for off >= h->endpages, as in the existing outer loop.


