[virt-tools-list] [PATCH virt-viewer 15/19] Hook up handling of Monitors
Christophe Fergeau
cfergeau at redhat.com
Tue Jul 17 16:04:10 UTC 2012
On Tue, Jul 17, 2012 at 05:56:46PM +0200, Marc-André Lureau wrote:
> this is not yet a buffer overflow proof, but you are getting closer perhaps.
For this kind of stuff, I prefer to err on the "there's a buffer overflow
unless proven otherwise", it's too dangerous to make the opposite
assumption.
> > So what we are trusting here is an arbitrary value provided by the guest
> > system?
>
> Yes, no further checks after that afaict. So a misconfigured guest
> could trigger this error perhaps.
I'm more concerned about malicious guests than misconfigured ones.
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20120717/28a19839/attachment.sig>
More information about the virt-tools-list
mailing list