[Spice-devel] [CVE-2014-3615 PATCH v2 3/3] spice: make sure we don't overflow ssd->buf
kraxel at redhat.com
Fri Sep 5 02:33:20 PDT 2014
On Fr, 2014-09-05 at 11:06 +0200, Laszlo Ersek wrote:
> > Makes sense. I think it is easier to just multiply in 64bit, then
> > the result is small enougth (new patch attached).
> Okay, if you can guarantee that the product fits in uint64_t, then
> a check would suffice.
> New patch has not been attached though :)
Oops. Here we go.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2840 bytes
Desc: not available
More information about the Spice-devel