[Spice-devel] [CVE-2014-3615 PATCH v2 3/3] spice: make sure we don't overflow ssd->buf
Gerd Hoffmann
kraxel at redhat.com
Fri Sep 5 02:33:20 PDT 2014
On Fr, 2014-09-05 at 11:06 +0200, Laszlo Ersek wrote:
> > Makes sense. I think it is easier to just multiply in 64bit, then
> check
> > the result is small enougth (new patch attached).
>
> Okay, if you can guarantee that the product fits in uint64_t, then
> such
> a check would suffice.
>
> New patch has not been attached though :)
Oops. Here we go.
cheers,
Gerd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-spice-make-sure-we-don-t-overflow-ssd-buf.patch
Type: text/x-patch
Size: 2840 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20140905/a85d5838/attachment.bin>
More information about the Spice-devel
mailing list